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Taking  outsourced  functions  back  is  tricky.  Here’s  how.  Full  coverage  of  Mobile  &  Wireless  World. 
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CTO  Craig  Murphy 
compares  Sabre’s 
IT  upgrade  to  a  slow 
but  steady  drive 
through  a  snowstorm. 


an  FLIES  TOo  , 

Open  Systems 


Sabre,  the  first  real-time  business  application,  be¬ 
came  the  poster  child  of  IT  for  “competitive  advan¬ 
tage”  in  the  1980s.  Now  Gary  H.  Anthes  reports  on 
an  overhaul  of  the  mainframe  shopping  engine  in 
favor  of  commodity  servers  and  Linux.  Page  21 
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Software  Licensing 
Emerges  as  Grid  Obstacle 

Users  say  accounting  issues,  rather  than  tech  challenges,  are  the  problem 


BY  PATRICK  THIBODEAU 

PHILADELPHIA 

Many  grid  computing  users 
are  finding  that  the  key 
challenge  they’re  facing 
isn’t  implementing  the 
technology.  It’s  figuring 
out  how  to  pay  for  it. 

Software  licensing 
contracts,  especially 
those  with  small  software  ven¬ 
dors,  are  generally  unsuited  to 
grid  environments,  which  can 
quickly  scale  up  or  down  de¬ 
pending  on  demand,  said 
users  at  the  Grid  Today  2004 
conference  here  last  week. 

“One  of  the  biggest  prob¬ 
lems  of  the  grid  is  account¬ 
ing,”  said  John  Hurley,  director 
of  grid  evaluation  and  imple¬ 
mentation  at  The  Boeing  Co. 
in  Chicago.  “How  do  you  pay 

Microsoft  Buys 
Users  Time 
With  Extension 

Updated  product 
support  policy  calls 
for  10-year  minimum 

BY  CAROL  SLIWA 

SAN  DIEGO 

User  reaction  was  generally 
upbeat  after  Microsoft  Corp. 
announced  last  week  that  it 
plans  to  extend  the  support 
phase  for  business  and  devel¬ 
oper  products  to  a  minimum 
of  10  years. 

The  support  policy,  which 
takes  effect  Tuesday,  updates 
Microsoft,  page  15 


for  things?  How  do  you  set 
charges?” 

Hurley  said  he  believes  that 
software  vendors  are  starting 
to  address  grid  licens¬ 
ing  issues,  but  it  will 
take  time  to  resolve 
them.  The  grid  envi¬ 
ronment  “is  new  for 
them  also,”  he  noted. 

If  a  software  license  is  based 
on  CPU  usage,  for  example, 
costs  can  quickly  escalate  as 
more  processors  are  called 


Interior  Department 
audits  $500M  blanket 
agreement  with  CACI 

BY  DAN  VERTON 

The  U.S.  Department  of  the 
Interior’s  inspector  general  is 
reviewing  the  contracting  pro¬ 
cedures  that  allowed  the  U.S. 
Army  to  use  an  IT  services 
contract  to  hire  civilian  inter- 


into  service  in  a  grid  environ¬ 
ment.  A  grid  is  an  installation 
that  taps  the  computing  power 
of  a  large  number  of  PCs  or 
servers  to  run  compute-inten¬ 
sive  applications. 

Software  vendors  “cannot 
license  their  software  around 
a  true  on-demand  compute 
model,”  said  Chris  Bennett, 
group  leader  at  Acxiom  Corp. 
The  Little  Rock,  Ark. -based 
data  integration  company  is 

Grid,  page  49 


rogators  for  work  in  Iraqi  lo¬ 
cations,  including  the  now- 
infamous  Abu  Ghraib  prison 
near  Baghdad. 

The  contract  in  question  is 
a  $500  million  blanket  pur¬ 
chase  agreement  for  IT  ser¬ 
vices  administered  by  the  In¬ 
terior  Department  on  behalf 
of  the  Army.  The  deal  was 
originally  awarded  in  1998  to 
Army,  page  49 
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Early  adopters  see 
grid's  potential: 

QuickLink 

047212 


Army’s  Use  of  IT  Contract  to 
Hire  Interrogators  Questioned 
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software  and  services  that  put  time  on 
your  side.  Our  applications  will  do  what 
we  say  they  will.  Our  upgrades  will  mean 
measurable  improvements.  And  our  ability 
to  maximize  your  time  will  help  keep  you 

competitive.  After  all,  seeing  is  believing. 
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It’s  Time: 
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Enterprise-grade  IM.  How  will  it  make  you  feel? 


Running  Microsoft®  Office  Live  Communications  Server  means  instant  messaging  is  now 
encrypted  and  more  secure.  All  activity  can  be  logged  and  archived.  And  it  easily  integrates 
with  your  existing  Microsoft  programs  and  IT  infrastructure.  Now,  IT  is  more  in  control,  users 
are  more  productive,  and  management  breathes  an  audible  sigh  of  relief.  Way  to  go,  hero. 

Experience  it  for  yourself  at  microsoft.com/livecomm/trial 


Server  2003 


©  2004  Microsoft  Corporation.  All  rights  reserved.  Microsoft,  the  Office  logo,  and  "Your  potential.  Our  passion."  are  either  registered  trademarks 
or  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries. 


Information  Highway  Patrol 

In  the  Technology  section:  Liability 
and  productivity  concerns  have  in¬ 
creased  interest  in  products  that 
monitor  and  enforce  employees’ 
compliance  with  e-mail  and  Internet 
acceptable-use  policies.  Page  28 
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Killing  Time  on  IT  Projects 

In  the  Management  section:  Time  is 
the  bane  of  project  managers.  Here  are 
some  tips  to  help  keep  you  and  your 
project  team  from  wasting  it.  Page  36 
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6  EMC  launches  an  entry-level 
disk  array,  but  the  device  can’t 
be  managed  by  its  Control- 
Center  tools. 

7  Ingres  database  users  are 

heartened  by  CA’s  plan  to  re¬ 
lease  the  software  under  an 
open-source  license. 

7  Sun  streamlines  its  identity 
management  products,  fully 
integrating  Waveset’s  tech¬ 
nologies  with  its  own. 

12  Antispyware  tools  offer  com¬ 
panies  a  way  to  centrally  elim¬ 
inate  the  security  problems 
posed  by  adware  and  spyware. 

12  The  DHS’s  IT  integration 

efforts  are  lagging,  says  the 
GAO,  even  as  the  department 
bolsters  its  security  plans  for 
a  period  of  heightened  threat. 

13  Rogue  wireless  installations 

complicate  technical  support 
and  pose  security  problems, 
say  some  IT  managers. 

14  The  U.S.  Postal  Service  is 

installing  a  single  sign-on 
system  designed  to  support 
about  155,000  employees. 

14  BEA’s  Diablo  app  server  is 
intended  to  let  users  upgrade 
and  patch  applications  with¬ 
out  having  to  go  off-line. 

16  Linus  Torvalds  proposes 

tighter  tracking  of  contribu¬ 
tions  to  the  Linux  kernel. 

16  Microsoft  eyes  Cisco  market 
and  says  hardware  vendors 
will  sell  its  ISA  Server  prod¬ 
uct  on  their  firewall  devices. 


21  Sabre  Flies  to  Open  Systems. 

Here’s  how  the  travel  systems 
company  migrated  its  19605- 
era  mainframe-based  shop¬ 
ping  engine  to  a  new  architec¬ 
ture  built  on  Linux  and  HP 
NonStop  servers. 

30  QuickStudy:  RSS.  This  XML- 
based  format  lets  Web  site 
administrators  syndicate  Web 
content  for  publication  on 
other  sites  —  and  keeps  the 
information  up  to  date. 

See  Computerworlcf  s  RSS  feeds: 
0  QuickLink  a4600 

31  Security  Manager’s  Journal: 
Worm  Lays  Waste  to  IT’s 
Defenses.  Unpatched  servers 
in  a  test  lab  provide  the  per¬ 
fect  launching  pad  for  a  Sasser 
attack. 

MANAGEMENT 

33  End  of  the  Affair.  Taking 
outsourced  functions  back 
in-house  is  a  complicated  and 
tricky  business.  CIOs  who 
have  done  it  say  planning 
ahead  and  attention  to  detail 
can  make  all  the  difference. 

38  Boutique  Shopping.  Special¬ 
ized  IT  consulting  firms  can 
add  deep  experience  and 
agility  to  IT  projects,  but 
there  are  risks  to  be  managed 
as  well. 

40  Career  Watch.  A  Premier  100 
IT  Leader  offers  readers 
career  advice.  Plus,  a  statistic 
on  big-time  morale  problems 
among  IT  workers,  and  a 
quick  profile  of  this  year’s 
college  graduates. 


8  On  the  Mark:  Mark  Hall 

reports  that  Sun’s  unique  li¬ 
cense  scheme  for  its  Java  tools 
will  spread  beyond  Solaris. 

18  Maryfran  Johnson  says  that 
when  it  comes  to  monitoring 
employee  e-mail,  it’s  not  IT’s 
role  to  decide  if  and  when  to 
deploy  the  technology. 

18  David  Moschella  observes 
that  for  the  first  time,  vendors 
are  taking  a  back  seat  to  users 
in  the  development  of  infor¬ 
mation  technologies. 

19  Virginia  Robbins  sees  some 
hope  for  IT  managers  who  are 
trying  to  keep  their  technol¬ 
ogy  infrastructures  up  to  date 
in  budget-constrained  times. 

32  Curt  A.  Monash  believes  your 
organization  can  introduce 
new  and  better  analytical 
business  processes  —  you  just 
have  to  do  it  a  chunk  at  a  time. 

41  Catherine  A.  Tomczyk  learned 
most  of  what  she  needs  to 
know  to  keep  IT  projects  on 
track  in  kindergarten. 

50  Frankly  Speaking:  Frank 
Hayes  says  Tim  Berners-Lee’s 
vision  of  the  next-generation 
Web  is  closer  than  you  think, 
and  it’ll  matter  to  you  more 
than  you  might  expect. 
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How  to  Survive  Federal 
Spam  Restrictions 

IT  MANAGEMENT:  Two  attorneys  offer  guide¬ 
lines  for  nonspamming  businesses  on  how  to 
to  navigate  CAN-SPAM  compliance  issues. 

0  QuickLink  46666 

What  Makes  a 
Supply  Chain  Successful 

ERP/SUPPLY  CHAIN:  Today’s  global  and 
complex  supply  chains  are  fragile,  subject 
to  disruption  by  any  number  of  events  in 
the  world.  UPS’s  Bob  Stoffel  lists  the  keys 
to  building  supply  chains  that  don’t  break 
down.  O  QuickLink  47032 


Five  PC  ‘Security  Guards’ 

SECURITY:  These  tips  from  IBM’s  director  of 
security  and  wireless  solutions  can  help  you 
protect  your  perimeter.  O  QuickLink  46952 


The  Defense-in-Depth 
Approach  to  Malware 

SECURITY:  With  the  right  tools  to  protect 
workstations  and  servers  from  malicious 
software,  your  chances  of  suffering  a  cata¬ 
strophic  loss  are  greatly  diminished,  explains 
columnist  Douglas  Schweitzer. 

0  QuickLink  46984 

ITs  Best,  Worst  Vendors 

The  results  of  our  exclusive  customer- 
satisfaction  survey  are  still  available  at 

vyrww.computerworld.com/satisfaction  (free 
registration  required). 


What’s  a  QuickLink? 


O  Throughout  each  issue  of 
Computerworld,  you'll 
see  five-digit  QuickLink  codes 
pointing  to  related  content  on 
our  Web  site.  Also,  at  the  end  of 
each  story,  a  QuickLink  to  that 
story  online  facilitates  sharing  it 
with  colleagues.  Just  enter  any 
of  those  codes  into  the  Quick¬ 
Link  box.  which  is  at  the  top  of 
every  page  on  our  site. 
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Breaking  News 

0  QuickLink  a1510 

Newsletter 

Subscriptions 

0  QuickLink  a1430 

Knowledge  Centers 

0  QuickLink  a2570 

The  Online  Store 

0  QuickLink  a2420 
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HP  Will  Support 
MySQL,  JBoss 

Hewlett-Packard  Co.  this  week 
plans  to  announce  that  it  will  pro¬ 
vide  technical  support  for  the 
MySQL  open-source  database 
and  JBoss  application  server  to 
users  of  its  ProLiant  and  Integrity 
servers.  HP  said  its  agreements 
with  MySQL  AB  and  JBoss  Inc. 
take  effect  on  Tuesday.  As  part  of 
the  deals,  the  two  open-source 
technologies  will  be  tested  and 
certified  for  use  on  HP’s  servers. 


Treasury  Dept. 
Names  IT  Chief 

The  U.S.  Department  of  the  Trea¬ 
sury  named  Ira  Hobbs  as  its  new 
CIO,  effective  June  13.  Hobbs  has 
been  deputy  CIO  at  the  Depart¬ 
ment  of  Agriculture  for  the  past 
seven  years  and  is  co-chairman 
of  the  federal  CIO  Council’s  Work¬ 
force  and  Human  Capital  for  IT 
Committee.  He  replaces  Drew  Lad¬ 
ner,  who  left  the  agency  April  30. 


CA  Offers  to  Settle 
Cases,  Makes  Profit 

Computer  Associates  International 
Inc.  reported  an  $89  million  profit 
for  the  fourth  quarter  of  fiscal 
2004  and  said  it  has  made  an  ini¬ 
tial  offer  to  settle  accounting  in¬ 
vestigations  by  the  Department  of 
Justice  and  the  Securities  and  Ex¬ 
change  Commission.  CA  recorded 
a  $10  million  charge  in  its  fourth 
quarter,  which  ended  March  31,  in 
connection  with  the  settlement  of¬ 
fer.  (For  coverage  of  CA’s  user 
conference,  see  next  page.) 


Oracle  Executive  to 
Run  Eclipse  Group 

The  group  that  took  control  of  the 
Eclipse  open-source  application 
development  technology  from 
IBM  in  February  plans  to  name  its 
first  executive  director  this  week. 
The  Asheville,  N.C.-based  Eclipse 
Foundation  will  be  headed  by 
Mike  Milinkevich,  formerly  vice 
president  of  application  server 
technical  services  at  Oracle  Corp. 


EMC  Launches  Piranha 
Array  With  Dell  in  Tow 


Large  users  could  be  put  off  by  lack  of 
ties  to  ControlCenter  management  tools 


PRODUCT  DETAILS 


ClariionAXtOO 


BY  LUCAS  MEARIAN 

mc  corp.  last  week 
formally  announced 
its  Piranha  disk  array, 
an  entry-level  device 
that  Dell  Inc.  and  other  re¬ 
sellers  plan  to  market  to  small 
businesses  and  to  companies 
with  distributed  operations. 

However,  the  new  array  ini¬ 
tially  can’t  be  managed  by 
EMC’s  enterprise-class  Control- 
Center  storage  management 
software  —  a  shortcoming  that 
some  IT  managers  and  ana¬ 
lysts  said  could  be  a  roadblock 
for  large  corporate  users. 

The  rollout  of  Piranha, 
which  officially  is  called  the 
Clariion  AX100,  came  one 
week  after  EMC  announced  a 
low-cost  network-attached 
storage  (NAS)  gateway  [Quick- 
Link  47033].  EMC  said  the 
AX100  can  be  directly  at¬ 
tached  to  the  NetWin  110  NAS 
Gateway  or  bought  as  a  pre- 
configured  storage-area  net¬ 
work  (SAN)  with  data  backup 
and  storage  management  soft¬ 
ware,  a  Fibre  Channel  switch 
and  host  bus  adapters. 

During  a  press  conference 
with  Dell  officials,  EMC  CEO 
Joe  Tucci  said  the  AX100  is 
well  suited  for  banks,  broker¬ 
ages,  retail  chains  and  other 


users  that  are  looking  to  con¬ 
solidate  the  storage  capacity  on 
servers  and  simplify  backup 
procedures  in  remote  offices. 

The  AX100,  which  starts  at 
$4,999  through  Dell,  uses  low- 
cost  Serial  ATA  disk  drives  in¬ 
stead  of  Fibre  Channel  ones. 
But  Tucci  said  the  array  isn’t 
aimed  at  the  secondary  stor¬ 
age  applications  typically  as¬ 
sociated  with  Serial  ATA. 

“This  is  the  real  McCoy,”  he 
said.  “This  is  going  to  be  pri¬ 
mary  storage.” 

Remote  Control 

John  McArthur,  an  analyst  at 
market  research  company  IDC 
in  Framingham,  Mass.,  said 
that  for  the  AX100  to  make  big 
inroads  among  enterprise 
users,  it  needs  to  interoperate 
with  ControlCenter.  That 
would  give  storage  admin¬ 
istrators  centralized  con¬ 
trol  of  AXIOOs  that  are  in¬ 
stalled  in  branch  offices, 
McArthur  added. 

Matt  Ebaugh,  CIO  at 
Commonwealth  Health  Corp. 
in  Bowling  Green,  Ky.,  agreed 
that  he  wouldn’t  be  interested 
in  the  AX100  unless  it  could 
help  him  centralize  manage¬ 
ment  of  his  storage  architec¬ 
ture.  “I  only  want  one  SAN 


■  Scales  from  480GB  to  STB  in 
a  2U  (3.5-in.-high)  rack- 
mountable  enclosure  with 
space  for  12  Serial  ATA  drives. 

■  Is  sold  in  a  single-controller 
model  with  RAID  5  capabilities 
and  battery-backed  cache, 
plus  a  dual-controller  version 
with  mirrored  cache  and  re¬ 
dundant  power  supplies. 

■  Includes  dual  2Gbit/sec. 

Fibre  Channel  1/0  ports  and 
wizard-based  storage  manage¬ 
ment  tools  with  a  Web  GUI. 

■  Supports  Windows,  Linux 
and  NetWare  and  can  store 
data  for  up  to  eight  servers  in 
SAN  or  NAS  configurations. 

■  Pricing  starts  at  $4,999  for 
direct-attached  models  and 
$9,999  for  SAN  configurations 
through  Dell;  EMC’s  base  list 
price  through  other  resellers  is 
$5,999. 


fabric  in  my  enterprise,”  he 
said.  “SAN  islands  require 
more  administration.” 

Commonwealth  Health  cur¬ 
rently  uses  a  Clariion  CX600 
midrange  array  with  10TB  of 
storage  capacity,  and  Ebaugh 


said  he  hopes  to  expand  that 
this  year  in  order  to  keep  up 
with  the  company’s  growth. 

Mike  Wytenus,  senior  direc¬ 
tor  of  EMC’s  Clariion  plat¬ 
forms,  said  integration  of  the 
AX100  with  ControlCenter 
will  “happen  at  some  point.” 
An  EMC  spokesman  added 
that  the  AX100  can  be  remote¬ 
ly  monitored  and  managed  via 
a  Web  portal  using  its  built-in 
tools.  That  should  be  enough 
for  small  businesses,  which  is 
the  primary  target  market  for 
now,  the  spokesman  said. 

The  AX100  will  be  sold 
through  channel  partners,  ex¬ 
cept  for  purchases  that  involve 
large  quantities,  Tucci  said. 
Dell  will  manufacture  the 
array  for  its  own  shipment 
needs,  expanding  a  deal  under 
which  it  now  makes  EMC’s 
CX300  device. 

Kevin  Rollins,  Dell’s  presi¬ 
dent  and  chief  operating  offi¬ 
cer,  said  users  who  aren’t  IT 
professionals  should  be  able  to 
set  up  the  AX100  in  less  than 
an  hour.  Asked  whether  Dell 
and  EMC  are  looking  to  trigger 
a  low-end  storage  price  war, 
Rollins  said,  “It  wouldn’t  be  the 
worst  thing  to  happen.” 
McArthur  said  the 
AX100  puts  EMC  in  posi¬ 
tion  to  compete  for  mar¬ 
ket  share  against  server 
vendors  that  offer  internal 
storage  capacity,  includ¬ 
ing  Dell  itself.  “Right  now, 

Dell  takes  them  to  a  space 
they  were  having  challenges 
getting  to,”  he  said.  “Over 
time,  it  could  end  up  in  some 
competition  between  them.” 

©  47218 


IBM  Ties  File  Virtuali 
Software  t 

IBM  last  week  announced  an 
upgrade  of  its  distributed  file 
system  software  that  exti 
storage-pooling  capabilities  t 
SAN  devices  sold  by  its  maji 
disk  array  rivals,  including  EM 
Hewlett-Packard  Co.  and  Hitachi 
Data  Systems  Corp. 

Until  now,  IBM’s  TotalStorage 
SAN  File  System  software 
worked  only  with  the  company's 
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Open-Source  Plan 


Buoys  Ingres  Users 


CA’s  new  strategy 
could  give  DB  a 
boost,  loyalists  say 

BY  MATT  HAMBLEN 

LAS  VEGAS 

Users  of  Computer  Associates 
International  Inc.’s  Ingres  data¬ 
base  were  energized  by  last 
week’s  announcement  that  CA 
plans  to  release  the  software 
under  an  open-source  license 
and  integrate  it  with  technolo¬ 
gy  from  JBoss  Inc.  and  other 
open-source  developers. 

Ingres  has  become  an  also- 
ran  in  the  database  market  in 
the  10  years  since  CA  bought  it. 
But  a  group  of  about  20  long¬ 
time  Ingres  users  who  met  dur¬ 
ing  the  CA  World  2004  confer¬ 
ence  here  said  the  move  to 


BY  JA1KUMAR  VIJAYAN 

Sun  Microsystems  Inc.  on 
Tuesday  will  announce  a  con¬ 
solidated  line  of  identity  man¬ 
agement  products  that  com¬ 
bines  its  own  technologies 
with  those  obtained  from  its 
acquisition  of  Waveset  Tech¬ 
nologies  Inc. 

The  company  will  also  an¬ 
nounce  new  partnerships  with 
Deloitte  &  Touche  LLP  and 
PricewaterhouseCoopers  to 
help  deploy  the  products  at 


Consolidated 
ID  Management 

Sun  Java  System  Identity  Man¬ 
age:  ■  Combines  Waveset’s  pro¬ 
visioning  technology  with  Sun's 
metadirectory  capabilities. 

Sun  Java  System  Access  Man¬ 
ager  Features  new  support  for 
Liberty  Phase  2  and  SAML  1.1. 

Sun  Java  System  Directory  Ser¬ 
ver  Enterprise  Edition:  Reposito¬ 
ry  tor  storing  enterprise  identity 
information,  featuring  built-in 
fail-over,  load-balancing,  securi¬ 
ty,  and  integration  with  Microsoft 
Active  Directory. 


open-source  should  give  the 
database  a  higher  profile  and 
may  help  them  fight  off  inter¬ 
nal  pressure  to  migrate  their 
systems  to  Oracle,  DB2  or  SQL 
Server. 

“I’m  tired  of  being 
treated  like  an  ugly 
stepsister  and  a  sec¬ 
ond-class  citizen  be¬ 
cause  I  use  Ingres,” 
said  Tyler  McGraw,  a 
database  administra¬ 
tor  at  paper  maker 
Bowater  Inc.  in 
Greeneville,  S.C.  Mc¬ 
Graw  has  used  Ingres 
for  15  years.  “Ingres  is 
a  good  product,  and  I  dig  CA’s 
open-source  effort.  Now  I 
don’t  have  to  apologize  for  my 
database.” 

Erica  Harzewski,  a  database 


customer  locations. 

Sun’s  identity  management 
line,  which  consisted  of  eight 
products  after  the  Waveset 
purchase  in  December  [Quick- 
Link  42934],  has  been  consoli¬ 
dated  to  three:  an  identity 
manager,  an  access  manager 
and  Directory  Server  Enter¬ 
prise  Edition. 

The  consolidated  product 
line  marks  the  “culmination 
of  the  Waveset  acquisition” 
and  is  designed  to  reduce 
complexity  and  costs,  said 
Kevin  Cunningham,  director 
of  identity  management  prod¬ 
ucts  at  Sun. 

Sun’s  Identity  Manager 
technology,  for  instance,  com¬ 
bines  Waveset’s  Lighthouse 
user  provisioning  technology 
with  Sun’s  metadirectory  ca¬ 
pabilities.  The  integration  will 
make  it  easier  for  companies 
to  use  identity  information  to 
provision  access  to  multiple 
enterprise  applications,  Cun¬ 
ningham  said. 

The  new  products  also  pro¬ 
vide  broader  support  for  stan¬ 
dards,  Cunningham  said.  Sun’s 
Access  Manager,  for  instance, 


administrator  at  medical  de¬ 
vice  maker  Guidant  Corp.  in 
Temecula,  Calif.,  said  CA’s  new 
strategy  will  make  it  easier  to 
defend  Ingres  to  her  bosses, 

who  want  to  move  to 
Oracle  databases. 
“Oracle  is  much  more 
expensive  and  com¬ 
plex  than  Ingres,” 
said  Harzewski,  who 
has  used  the  software 
for  13  years.  “CA 
wouldn’t  put  Ingres 
out  for  open-source 
if  it  was  a  piece  of 
crap.” 

The  user  meeting 
itself  illustrated  the  plight  of 
Ingres,  at  least  in  the  U.S.  data¬ 
base  market.  The  meeting  was 
held  by  the  North  American 
Ingres  User  Association,  which 


supports  both  Liberty  Phase  2 
and  SAML  1.1  federation  stan¬ 
dards,  he  said. 

“We  feel  like  they  have  got  a 
pretty  solid  strategy  in  that  it 
uses  open  standards  and  uses 
federated  [identity  manage¬ 
ment]  concepts,”  said  David 
Endicott,  vice  president  of 
technology  at  Sabre  Airline 
Solutions  in  Houston. 

Sabre  is  using  Sun’s  identity 
management  technology  to  au¬ 
thenticate  users  from  54  air¬ 
lines  and  provide  personalized 
access  to  over  20  different  ap¬ 
plications  via  its  eMergo  appli¬ 
cation  service  provider  portal. 

“A  lot  of  the  things  we  do 


is  seeking  new  members  as  it 
tries  to  reorganize  after  two 
years  of  inactivity,  said  NAIUA 
President  Carmen  Huff,  lead 
database  administrator  at  Al¬ 
liance  Data  Systems 
Inc.  in  Dallas. 

“Going  open- 
source  is  a  great 
idea,”  Huff  said.  She 
noted  that  although 
Ingres  has  fallen  off 
the  market-share 
charts  in  the  U.S.,  it’s 
still  among  the  most 
popular  databases  in 
Australia  and  parts 
of  Europe. 

CA  said  Ingres  will  be  re¬ 
leased  within  90  days  under  a 
newly  created  Trusted  Open 
Source  License,  which  it  de¬ 
scribed  as  a  derivative  of  the 


from  an  application  perspec¬ 
tive  use  Java.  So  using  [Sun’s] 
ID  server  as  part  of  our  ASP 
offering  was  a  natural  choice 
for  us,”  Endicott  said.  Sabre 
will  investigate  how  it  can 
take  advantage  of  the  new  pro¬ 
visioning  capabilities  being  of¬ 
fered  by  Sun  with  its  Identity 
Manager  offering,  he  added. 

Sun’s  integration  of  Waveset 
technology  and  its  success  in 
retaining  most  of  Waveset’s 
employees  bode  well  for  the 
company’s  ambitions  in  the 
identity  management  market, 
said  Earl  Perkins,  an  analyst  at 
Stamford,  Conn.-based  Meta 
Group  Inc.  ©  47213 


GNU  General  Public  License 
(GPL).  The  Ingres  announce¬ 
ment  was  the  centerpiece  of  a 
wider  plan  that  also  includes 
the  addition  of  open-source 
document  management  soft¬ 
ware  to  CA’s  BrightStor  line 
and  joint  development  work 
with  Atlanta-based  JBoss  and 
Fredericksburg,  Va.- 
based  Zope  Inc. 

Sam  Greenblatt, 
senior  vice  president 
and  chief  architect  in 
CA’s  Linux  technolo¬ 
gy  group,  said  the 
open-source  release 
will  expose  Ingres  to 
about  100,000  devel¬ 
opers  associated  with 
JBoss,  Zope  and  the 
Plone  Foundation,  a 
new  not-for-profit  group  fo¬ 
cused  on  the  Plone  document 
management  software  that’s 
being  added  to  BrightStor. 

CA’s  open-source  license  in¬ 
cludes  an  indemnification  fea¬ 
ture  that  goes  beyond  the  GPL 
and  is  designed  to  protect  the 
integrity  of  Ingres,  Greenblatt 
said.  Users  will  be  able  to 
download  the  database  for 
free  but  will  pay  fees  for  sup¬ 
port,  maintenance  and  indem¬ 
nification,  which  will  provide 
them  with  a  certificate  that 
lists  who  developed  different 
pieces  of  the  code.  CA  will 
track  development  and  update 
the  certificates  as  needed. 

Dan  Kingston,  a  database 
administrator  at  American 
Digital  Systems  Inc.  in  Salt 
Lake  City,  said  he  and  his  col¬ 
leagues  had  started  worrying 
about  CA’s  commitment  to 
Ingres  until  last  week’s  an¬ 
nouncement.  “It’s  an  excellent 
move,”  Kingston  said,  “but  CA 
has  to  be  careful  how  they 
move  it  to  open-source.” 

He  added  that  he  doesn’t 
want  to  see  software  quality 
compromised  by  security  vul¬ 
nerabilities  and  other  bugs  — 
a  concern  that  was  echoed  by 
several  other  users.  ©  47216 


MORE  COVERAGE 

Interim  CA  CEO  Ken  Cron  and  former  chief 
Sanjay  Kumar  clarify  management  roles: 

QuickLink  47100 

Some  CA  World  attendees  say  they  want 
better  integration  of  CA's  products: 

QuickLink  47086 
www.computeiworld.com 


Sun  Streamlines  Identity 
Management  Offerings 


Sun  to  Expand  Data  Center  Services 


Sun  on  Tuesday  will  unveil 
plans  to  broaden  its  services 
offerings  beyond  hardware 
support,  to  include  support  for 
the  people  and  processes  that 
interact  with  its  systems. 

Often,  data  center  failures 
are  the  result  of  flawed  proc¬ 
esses  or  employee  mistakes, 
said  Mike  Harding,  director  of 
Sun  Preventive  Services. 

The  preventive  services  of¬ 
fering,  which  now  carries  a  sin¬ 
gle  price  for  services  that  in 
many  cases  had  been  priced 


separately,  is  based  on  an  as¬ 
sessment  of  the  degree  of  risk 
of  outages  in  a  data  center. 

Sun  has  developed  a  meth¬ 
odology  to  measure  the  risk. 
Once  changes  are  made  to  im¬ 
prove  operations  based  on  a  risk 
assessment  using  that  method¬ 
ology,  pricing  can  decline  as 
much  as  20%,  said  Harding. 

The  service  will  initially  focus 
on  Sun  products  but  by  next 
year  will  also  support  systems 
from  other  vendors,  he  said. 

-Patrick  Thibodeau 
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PeopleSoft  Rejects 
New  Oracle  Bid . . . 

PeopleSoft  Inc.  said  its  board 
of  directors  has  voted  to  reject 
Oracle  Corp.’s  latest  takeover  bid 
-  no  surprise,  since  Oracle’s  new 
offer  is  worth  about  $1.7  billion 
less  than  its  previous  one.  Oracle 
on  May  14  cut  the  price  it  would 
pay  to  $7.7  billion,  citing  changes 
in  market  conditions  and  the  val¬ 
ue  of  PeopleSoft’s  stock.  People- 
Soft  said  the  reduced  offer  “is 
inadequate  and  does  not  reflect 
PeopleSoft’s  real  value.” 


. . .  And  Agrees  on 
Class-Action  Deal 

In  a  related  matter,  PeopleSoft 
has  agreed  to  settle  class-action 
lawsuits  filed  in  Delaware  and 
California  by  shareholders  over  a 
customer-refund  offer  that  was 
put  in  place  after  Oracle  began 
its  buyout  bid  last  June.  People- 
Soft,  which  let  the  Customer  As¬ 
surance  Program  lapse  in  April, 
said  any  future  reinstatement 
would  apply  only  to  actions  tak¬ 
en  by  Oracle  if  it  succeeds  in 
buying  the  company. 


Akamai’s  Servers 
Slowed  by  Glitch 

Akamai  Technologies  Inc.  said 
the  servers  it  uses  to  distribute 
content  to  Web  sites  were  af¬ 
fected  by  a  software  glitch  last 
Monday,  causing  performance  to 
slow  down  on  some  sites  for 
about  90  minutes.  The  Cam¬ 
bridge,  Mass.-based  company 
said  the  problems  were  caused 
by  a  bug  in  its  proprietary  con¬ 
tent  management  software,  not 
by  “outside  interference." 


Lucent  Signs  Deal 
To  Buy  VoIP  Vendor 

Lucent  Technologies  Inc.  said  it 
plans  to  acquire  Telica  Inc.,  a 
Marlboro,  Mass.-based  vendor  of 
voice-over-IP  technology,  in  a 
stock-swap  deal  valued  at  about 
$295  million.  Telica  has  about 
250  employees. 
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Sun’s  Infinite  Pricing 
Scheme  Reaches . . . 

. . .  Linux,  Windows  and  even  HP-UX  for  its  integrated  Java 
Enterprise  System  package.  The  JES  components  in¬ 
clude  application,  portal,  directory,  identity,  Web 
and  other  servers  as  well  as  a  fistful  of  Java-based 
tools  for  deploying  online  applications.  Currently 
Sun’s  “infinite”  pricing  policy  applies  only  to  its 
Solaris  operating  system  and  lets  organizations  li¬ 
cense  the  array  of  Java  components  on  an  annual 
subscription  basis  at  $100  per  employee.  You  can 

still  license  software  the  old- 
fashioned  way,  says  Stephen 
Borcich,  executive  director 


for  Java  enterprise  technolo¬ 
gies  at  Sun  Microsystems  Inc. 
“It’s  more  complex,  but  it’s 
your  choice,”  he  says.  By  the 
end  of  June,  Sun  will  extend 
its  unique  pricing  model  to 
Linux  users  and  in  late  2004 
to  HP-UX  and  Win¬ 
dows  fans.  Companies 
that  use  the  tools  to 
extend  applications  to 
end  users  on  the  In¬ 
ternet  or  throughout 
their  supply  chains  in¬ 
cur  no  extra  charges.  Further¬ 
more,  in  June,  Sun  will  offer 
developing  nations  a  similar 
plan  for  the  JES  components 
at  33  cents  per  citizen.  And  in 
a  move  to  attract  more  devel¬ 
opers,  later  this  year  pro¬ 
grammers  anywhere  in  the 
world  who  buy  Java  Studio 
Enterprise  will  get  a  free 
Opteron  server.  Previously, 


the  giveaway  was  good  only 
for  U.S.-based  coders. 
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What  IDC  says 
companies 
spend  yearly 
for  software. 


Dump  shelfware 
while  tracking . . . 

. . .  company  software  usage 
down  to  the  component  level. 

That’s  the  promise  of  this 
week’s  release  of  FLEXnet 
Manager  from  Macrovision 
Corp.  in  Santa  Clara, 
Calif.  “Most  compa¬ 
nies  have  no  clue 
about  how  software 
is  being  used,”  claims 
Daniel  Greenberg, 
Macrovision’s  vice 
president  for  worldwide  mar¬ 
keting.  Market  research  com¬ 
pany  IDC  backs  up  Green¬ 
berg,  noting  that  67% 
of  you  don’t  bother  to 
track  your  software 
assets.  Given  the 
billions  upon  bil¬ 
lions  of  dollars  spent 
on  software  each  year, 
that  seems  a  bit  of  an 


oversight.  FLEXnet  manager 
drops  a  small  agent  on  ma¬ 
chines  whose  licenses  you 
want  to  manage  and  keeps 
tabs  on  who’s  using  what  and 
when,  giving  you  a  better 
handle  on  how  to  distribute 
applications.  You  can  even 
use  it  to  track  your  own  cus¬ 
tom  apps  —  a  help  when  you 
want  to  bill  back  depart¬ 
ments.  Speaking  of  billing, 
FLEXnet  Manager  even  has  a 
reporting  tool  for  the  CFO  so 
the  finance  department  can 
plan  expenses  more  accurate¬ 
ly.  Pricing  starts  at  $20,000. 

Indian  SAP  project 
managers  “jumping . . . 

. . .  ship,”  which  frustrates  com¬ 
panies  that  went  offshore  with 
their  ERP  operations.  That’s 
the  claim  from  Christopher 
Carter,  CEO  of  Carter  Con¬ 
sulting  Inc.  in  Hales  Corners, 
Wis.  But  it  has  also  helped 
him  to  “bring  on  more  remote 
American  SAP  workers”  to 
manage  ERP  sites  from  afar. 
But  not  that  far.  They  work 
from  their  homes  across  the 
U.S.  He  says  that  the  best  In¬ 
dian  project  managers  are  be¬ 
ing  lured  away  by  the  likes  of 
IBM  and  SAP  AG,  which  have 
set  up  shop  on  the  subconti¬ 
nent,  and  it’s  creating  chaos 
for  users.  Carter  pays  his  SAP 
consultants  $75k  to  $80k  per 
year,  but  they  run  two  to  four 
SAP  installations  remotely. 

So,  depending  on  your  situa¬ 
tion,  send  him  your  resume 
or  your  business.  He’s  looking 
for  both. 

Security’s  a  snap 
with  appliances . . . 

. . .  that  integrate  with  a  managed 
service.  By  the  end  of  June, 
ClearPath  Networks  Inc.  in  El 


SNAP  takes  up  to  500  user  sessions. 


Segundo,  Calif.,  will  ship  five 
Secure  Network  Access  Plat¬ 
form  (SNAP)  appliances  that 
can  handle  between  10  and 
500  concurrent  user  sessions, 
depending  on  the  model.  De¬ 
signed  for  branch  offices  and 
midsize  operations,  the  SNAP 
devices  deliver  integrated 
firewall,  antivirus  and  other 
network  security  tasks,  all 
overseen  in  ClearPath’s 
round-the-clock  network  op¬ 
erations  center.  Pricing  starts 
at  $595  for  the  appliances,  and 
CEO  Cliff  Young  says  month¬ 
ly  subscription  costs  for  the 
managed  service  can  average 
as  little  as  $145. 

Software  development 
tool  to  give . . . 

. . .  managers  better  insight  into  a 
project’s  process.  Tracy  Ragan, 
CEO  of  Catalyst  Systems 
Corp.  in 
Glencoe,  Ill., 
says  the  6.4 
release  of 
OpenMake, 
scheduled 
for  late  this 
year,  will  let 
managers 
“spy  on  the 
development 
team”  with  a 
slew  of  new 
reporting 
tools  that 
can  show  how  often  software 
builds  are  performed  and 
what  kinds  of  files  are  being 
generated  during  the  builds. 
OpenMake  already  lets  devel¬ 
opers  bypass  the  time-con¬ 
suming  scripting  process 
needed  to  build  an  applica¬ 
tion  under  development  into 
its  most  up-to-date  condition, 
which  is  vital  for  projects  be¬ 
ing  worked  on  by  multiple 
developers.  OpenMake  can 
already  cut  80%  of  the 
time  it  takes  to  create 
a  build  file.  With  the 
impending  reports, 
Ragan  says,  IT  man¬ 
agers  can  keep  a  closer  watch 
on  a  project’s  schedule. 

©  47181 


TRACY  RAGAN 

says  Open¬ 
Make  helps 
IT  managers 
keep  close 
tabs  on  project 
schedules. 
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CONSIDER  YOUR  NATIONAL 
DEALER  NETWORK. 

Consider  the  dots  connected. 


Now  we  can  design,  deliver  and  manage  a  data 
integration  system  that  brings  it  all  together. 
Converge  every  kind  of  business  network  -  dealers, 
brokers,  suppliers,  customers  -  across  platforms, 
across  America.  All  on  the  strong,  reliable  backbone 
of  the  S^C  network.  To  connect  the  dots  coast  to 
coast,  talk  to  your  SBC  account  representative. 


GOING  BEYOND  THE  CALL 
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Antispyware  Products 
Target  Corporate  Users 

Tools  are  designed  to  provide  centralized 
means  of  eliminating  spyware,  adware 


BY  JAIKUMAR  VIJAYAN 

ESPONDING  TO 
growing  corporate 
concerns  about  the 
security  and  per¬ 
formance  issues 
posed  by  spyware  programs, 
several  vendors  are  preparing 
to  release  enterprise  editions 
of  their  antispyware  tools. 

But  while  the  new  tools  can 
be  useful,  most  have  yet  to  be 
tested  in  corporate  environ¬ 
ments,  and  they  may  not  offer 
all  of  the  functionality  needed 
by  large  companies,  analysts 
cautioned. 

This  week,  PestPatrol  Inc. 
in  Carlisle,  Pa.,  will  introduce  a 
corporate  version  of  the  anti¬ 
spyware  product  it  has  been 
selling  in  the  consumer  space. 
PestPatrol  Corporate  Edition 
features  a  central  management 
console  that  lets  administra¬ 
tors  scan  groups  of  desktops 
for  spyware  and  adware,  quar¬ 
antine  infected  systems,  and 
cleanse  them  automatically, 
according  to  Roger  Thompson, 
PestPatrol’s  vice  president  of 
product  development. 

The  technology,  which  sells 
for  less  than  $10  per  user,  em¬ 
ploys  a  client-side  software 
agent  to  scan  desktops,  and 
lets  administrators  schedule 
scans  and  specify  what  kinds 
of  spyware  programs  to  delete, 
he  said. 

Meanwhile,  Boulder,  Colo.- 
based  Webroot  Software  Inc. 
on  June  14  will  launch  an  en¬ 
terprise  edition  of  its  Spy 
Sweeper  consumer  product, 
offering  similar  centralized 
administration  capabilities. 

And  Cupertino,  Calif. -based 
antivirus  software  vendor 
Trend  Micro  Inc.  plans  to  an¬ 
nounce  new  spyware-detection 
functions  in  two  versions  of  its 
products,  also  scheduled  to  be 
released  June  14.  The  features 
allow  companies  to  scan  for 


spyware  at  both  the  desktop 
and  server  levels. 

San  Francisco-based  fire¬ 
wall  vendor  Zone  Labs  Inc., 
which  already  sells  a  product 
that  allows  companies  to  scan 
noncorporate  devices  access¬ 
ing  their  networks,  later  this 
year  will  release  similar  anti¬ 
spyware  tools  for  enterprise 
systems,  said  Fred  Felman,  a 


BY  DAN  VERTON 

WASHINGTON 

U.S.  Department  of  Homeland 
Security  officials  for  the  past 
three  weeks  have  been  quietly 
preparing  a  100-day  plan  to 
bolster  cyber-  and  physical 
security  around  critical  infra¬ 
structures  in  advance  of  a  pos¬ 
sible  terrorist  attack  this  sum¬ 
mer.  And  they’ve  been  doing 
so  without  the  benefit  of  a  suf¬ 
ficiently  integrated  IT  infra¬ 
structure. 

Amid  new  warnings  that 
terrorists  are  likely  to  attack  in 
the  next  few  months  in  an  ef¬ 
fort  to  influence  the  Novem¬ 
ber  presidential  election,  the 
U.S.  General  Accounting  Of¬ 
fice  has  found  that  the  DHS 
has  made  only  limited  prog¬ 
ress  in  its  IT  systems  integra¬ 
tion  efforts  —  efforts  that  gov¬ 
ernment  officials  see  as  criti- 


Zone  Labs  vice  president. 

The  American  Bankers 
Association  in  Washington 
is  planning  to  deploy  Pest- 
Patrol’s  enterprise  software  on 
400  desktops  to  deal  with  the 
problem,  said  Lisa  Mills,  a  sys¬ 
tems  integration  specialist  at 
ABA.  “I  am  losing  two  to  three 
machines  a  week  to  spyware, 
adware  and  other  malware,” 
Mills  said.  Some  systems  have 
over  1,500  spyware  programs 
installed  on  them,  including 
keystroke  loggers,  remote- 


cal  to  the  effective  execution 
of  DHS  plans. 

The  specific  cybersecurity 
aspects  of  the  DHS’s  planning 
stem  from  an  April  30  emer¬ 
gency  brainstorming  meeting 
headed  by  DHS  Deputy  Secre- 
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tary  Admiral  James  Loy.  Dur¬ 
ing  the  unclassified  meeting, 
to  which  Computerworld  was 
granted  exclusive  access,  Loy 
urged  his  senior  executives, 
including  two  members  of  the 


control  programs,  Trojan  hors¬ 
es  and  back  doors,  she  added. 

The  ABA  has  tested  Pest- 
Patrol’s  consumer  products 
on  some  of  its  systems  and  is 
planning  to  use  the  new  ver¬ 
sion  to  centrally  detect  and  re¬ 
move  spyware  from  network- 
connected  desktops,  Mills  said. 

Cleaning  House 

Cornell  University’s  athletics 
department  is  using  Pest- 
Patrol’s  consumer  software 
to  deal  with  a  burgeoning  spy- 
ware  problem.  The  depart¬ 
ment  has  deployed  the  soft¬ 
ware  on  about  150  of  its  250 
desktops,  and  so  far,  the  prod¬ 
uct  has  done  “an  excellent 
job,”  said  Ricky  Stewart,  the 
department’s  IT  director. 

Although  the  consumer  ver¬ 
sion  used  by  Cornell  had  been 
tweaked  to  support  a  degree 
of  central  control,  it  still  had 
to  be  individually  loaded  on 
desktops.  It  allowed  a  central 
administrator  to  scan  for  spy- 
ware  and  delete  it,  but  only 
when  the  system  was  logging 
into  the  network.  It  also 
lacked  the  automatic  updates 
that  are  available  on  the  new 
enterprise  version. 


Llomeland  Security  Council, 
to  think  radically  about  the  in¬ 
terdependence  of  physical  and 
cybersecurity  and  to  reach  out 
aggressively  to  the  private  sec¬ 
tor  for  cutting-edge  ideas  and 
technologies. 

DHS  CIO  Steve  Cooper, 
who  attended  the  meeting, 
didn’t  escape  tough  scrutiny 
in  the  GAO’s  May  21  report. 
Cooper,  the  official  responsible 
for  leading  the  department¬ 
wide  systems  integration 
effort,  has  been  “hampered 
by  insufficient  staffing  [andj 
higher-priority  demands,  such 
as  establishing  a  department¬ 
wide  e-mail  system,”  accord¬ 
ing  to  the  GAO.  More  impor¬ 
tant,  the  department  has  yet  to 
give  Cooper  central  control  of 
the  IT  investments  made  by 
all  22  DHS  departments,  in¬ 
creasing  the  risk  that  dozens 
of  systems  will  require  a  cost¬ 
ly  revamp  to  integrate  later, 
the  GAO  warned. 

Meanwhile,  the  U.S.  Secret 
Service,  now  part  of  the  DHS, 


But  even  with  the  arrival  of 
these  enterprise  versions  of 
antispyware  tools,  more  work 
remains  to  be  done  before 
they’re  truly  ready  for  corpo¬ 
rate  use,  said  Peter  Firstbrook, 
an  analyst  at  Stamford,  Conn.- 
based  Meta  Group  Inc. 

Most  of  the  first-wave  prod¬ 
ucts,  for  instance,  still  don’t 
offer  an  easy  way  for  compa¬ 
nies  to  update  the  lists  used  to 
identify  spyware  programs. 

Policy  management  func¬ 
tions  aren’t  particularly  so¬ 
phisticated,  and  some  prod¬ 
ucts  allow  for  a  dangerous  lev¬ 
el  of  interaction  by  end  users, 
he  said.  Similarly,  few  prod¬ 
ucts  are  able  to  automatically 
force  updates  out  to  desktops 
as  needed,  instead  relying  on 
the  client-side  agents  to  pull 
updates  in,  Firstbrook  added. 

Moreover,  what  may  be  con¬ 
sidered  spyware  by  one  com¬ 
pany  can  be  a  legitimate  moni¬ 
toring  tool  in  another  —  such 
as  a  keystroke  logger  to  de¬ 
fend  against  corporate  espi¬ 
onage.  Enterprise  antispyware 
tools  therefore  need  to  be  able 
to  be  customized,  said  David 
Moll,  CEO  of  Webroot  Soft¬ 
ware.  ©  47215 


has  begun  what  the  agency 
calls  “critical  systems  advance 
work”  assessing  the  security  of 
the  critical  infrastructures  sur¬ 
rounding  the  sites  of  this  sum¬ 
mer’s  Republican  and  Democ¬ 
ratic  conventions  in  New  York 
and  Boston,  respectively. 

“Buildings  today  are  not 
mechanical  buildings;  they’re 
smart  buildings  that  are  run  by 
computer  systems,”  said  Bruce 
Townsend,  deputy  assistant 
director  for  investigations. 

“We  now  have  to  take  into 
account  not  only  the  physical 
aspects  of  securing  that  venue 
but  also  the  virtual,  or  cyber, 
aspects  as  well,”  he  said. 
“Somebody  could  attack  us 
through  the  cyber  realm  and 
render  vulnerable  what  would 
otherwise  be  a  sound  security 
plan.”  ©  47205 


BORDER  CONTROL 

The  DHS  is  poised  to  award  a  10-year 
contract  for  the  US-VISIT  program: 

QuickLink  47231 
www.computerworld.com 


WHAT  IT  DOES 

Enterprise  versions  of 

antispyware  technology  aim  to  help  companies: 

■  Centrally  deploy  and  manage  antispyware  capabilities. 

■  Scan  systems  to  detect  spyware  and  remove  it  from 
infected  desktops. 

■  Proactively  alert  users  or  block  new  spyware  from  being 
downloaded. 


IT  Integration  Efforts  Falter  As 
DHS  Plans  for  Election  Security 
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Unauthorized  Wireless  Users 
Strain  Corporate  Networks 


IT  managers  say  rogue  installations 
pose  security  risks,  complicate  support 


BY  DAVID  RAMEL 

PALM  DESERT.  CALIF. 


((IK.)))))  End  users  are 

Mobile  &  driving much 

Wireless  of  the  mobile 

World  and  wire^ess 

innovation 
inside  com¬ 
panies,  which  can  cause  secu¬ 
rity,  support  and  management 
problems  —  especially  when 
devices  and  applications  not 
sanctioned  by  IT  departments 
find  their  way  onto  networks. 

That  was  one  of  the  mes¬ 
sages  from  IT  managers  who 
attended  Computerworld’s  sec¬ 
ond  annual  Mobile  &  Wireless 
World  conference  here  last 
week.  The  event,  which  at¬ 
tracted  about  244  registrants 
from  user  companies,  put  a 
spotlight  on  the  havoc  that 
can  be  caused  by  rogue  users 
of  wireless  LANs. 

‘Maddening’  Problem 

“The  problem  of  rogue  em¬ 
ployees  is  maddening.  It’ll 
drive  you  crazy,”  said  Marc 
Simms,  director  of  IT  at  Shared 
PET  Imaging  LLC.  Simms  is 
part  of  a  small  IT  support  team 
that  serves  110  employees  at 
the  Canton,  Ohio-based  com¬ 
pany,  which  provides  medical 
scanning  services  to  hospitals. 
The  IT  staff  ran  into  problems 
when  end  users  began  bring¬ 
ing  in  their  own  mobile  equip¬ 
ment.  “They  were  bringing 
their  own  laptops  in,  their  own 
handhelds,  different  types  of 
PDA  devices,”  Simms  said.  “It 
became  a  support  nightmare.” 

He  solved  the  problems  by 
working  with  users  to  define 
their  requirements  and  then 
with  Shared  PET’s  hardware 
supplier,  Dell  Inc.,  to  stan¬ 
dardize  systems  to  meet  the 
requirements. 

In  the  process,  he  provided 
workers  with  wireless  access, 
which  quickly  raised  the  issue 
of  security.  Simms  said  he 


dealt  with  the  security  con¬ 
cerns  by  using  Firetide  Inc.’s 
mesh  networks,  which  use 
proprietary  technology  to 
“lock  in”  network  devices  so 
they  can  communicate  only 
with  one  another. 

Larger  companies  face  the 
same  kind  of  problems.  For 
example,  Colin  Seward,  an 
IT  manager  at  Cisco  Systems 


Cisco’s  Colin  Seward  said  the 
company  decided  it  had  to  sup¬ 
port  mobile  devices  because 
“they  were  just  coming  into  our 
organization  anyway.” 


Inc.,  said  the  networking  ven¬ 
dor  has  launched  a  program 
called  Cisco  Pocket  Office 
Services  to  manage  different 
kinds  of  mobile  devices.  Cisco 
“recognized  that  we  had  to 
support  these  devices  [be¬ 
cause]  they  were  just  coming 
into  our  organization  anyway,” 
he  said. 

The  Pocket  Office  program 
certifies  what  devices  are  sup¬ 
ported  and  requires  users  to 
register  ones  they  buy  them¬ 
selves  and  agree  to  terms-of- 
use  conditions,  Seward  said.  It 
also  provides  remote  manage¬ 
ment  of  the  devices,  including 
software  upgrades  and  securi¬ 
ty  services,  as  well  as  the  abili¬ 
ty  to  block  network  access  for 
those  that  are  lost  or  stolen. 

Richard  Stone,  wireless  and 
mobility  solutions  manager  at 
Hewlett-Packard  Co.,  said  IT 
managers  often  aren’t  proac¬ 
tive  enough.  Their  attitude, 
he  said,  is  one  of  resignation: 
“Wireless  is  insecure,  so  we’ve 
decided  to  do  nothing.” 

But  end  users  aren’t  stand¬ 
ing  still,  Stone  warned.  Sales 


statistics  show  that  half  of 
HP’s  iPaq  handheld  PCs  are 
bought  through  the  retail 
channel,  he  said,  adding  that 
it’s  not  uncommon  for  compa¬ 
nies  to  see  unsanctioned 
WLAN  connections  popping 
up  on  their  networks. 

“Start  to  set  standards  to¬ 
day,”  Stone  advised.  Beyond 
that,  IT  managers  should  sniff 
out  any  unauthorized  WLANs 
and  either  shut  them  down  or 
show  users  how  to  set  them 
up  properly,  he  said. 

Such  actions  are  needed  be¬ 
cause  the  benefits  of  introduc¬ 
ing  mobile  and  wireless  tech¬ 
nology  to  corporate  networks 
are  so  compelling,  Stone  not¬ 


ed.  He  described  an  HP  pro¬ 
gram  to  equip  1,200  customer 
service  engineers  with  note¬ 
book  PCs  and  wireless  net¬ 
work  cards.  HP  estimated 
that  the  project  would  pro¬ 
vide  a  return  on  investment 
of  $2.1  million,  but  the  actual 
ROI  turned  out  to  be  $8.6  mil¬ 
lion,  Stone  said.  ©  47206 

READ  MORE  ONLINE 

Three  vendors  are  teaming  up  to  develop 
a  mobile  phone  that  can  switch  from 
WLANs  to  wide-area  cellular  networks: 

QuickLink  47198 

The  adoption  of  wireless  continues  to  be 
hampered  by  security  concerns: 

O  QuickLink  47173 

www.computerworld.com 


Keep  Mobile  Apps  Simple,  Say  IT  Managers 


BY  BOB  BREWIN 

PALM  DESERT.  CALIF. 

When  IT  managers  develop 
mobile  and  wireless  applica¬ 
tions,  keeping  them  simple  and 
small  is  usually  the  best  route 
to  take,  according  to  several 
experienced  users  who  spoke 
at  Mobile  &  Wireless  World. 

Even  though  mobile  devices 
can  mimic  most  of  the  capabil¬ 
ities  of  a  desktop  PC,  such  as 
handling  attachments  and  rich 
text  documents,  plain  text  is 
usually  a  better  choice  for 
sending  data,  said  Ralph 
Nichols,  a  service  program 
manager  at  Pitney  Bowes  Inc. 
in  Stamford,  Conn.  Nichols 
developed  a  purely  text-based 
mobile  application  that  is  be¬ 
ing  rolled  out  to  the  mailing 
equipment  maker’s  3,500 


field  service  technicians. 

Pitney  Bowes  is  even  avoid¬ 
ing  the  use  of  abbreviations 
that  might  confuse  end  users, 
he  said.  The  system,  which 
will  be  used  to  dispatch  work¬ 
ers  and  report  the  results  of 
service  calls,  includes  text 
fields  that  provide  customer 
names,  the  types  of  machines 
they  have  and  the  problems 
they’re  experiencing.  Nichols 
said  the  mobile  application  is 
integrated  with  Siebel  Systems 
Inc.’s  field  service  manage¬ 
ment  software,  which  includes 
similar  fields. 

Another  text  field  lists  repair 
parts,  enabling  service  techni¬ 
cians  to  send  messages  that 
automatically  update  spare- 
parts  inventories  on  Pitney 
Bowes’  back-end  systems.  The 


mobile  application  initially 
was  installed  at  one  field  ser¬ 
vice  unit  last  year  and  now  is 
being  deployed  throughout  the 
U.S.  and  Canada,  Nichols  said. 

Companies  that  want  to 
deliver  data  to  end  users  who 
have  devices  smaller  than  lap¬ 
top  PCs  need  to  make  sure  it  is 
“concisely  formatted”  to  fit  on 
a  3-inch  screen,  said  Justin 
Hectus,  director  of  information 
at  Keesal,  Young  &  Logan,  a 
law  firm  in  Long  Beach,  Calif. 

Hectus  said  attorneys  at  the 
firm  use  mobile  devices  that 
are  hooked  into  the  back-end 
knowledge  management  sys¬ 
tem.  Simple  but  powerful  text 
fields  let  the  users  enter  small 
amounts  of  information  on 
the  fly  and  quickly  share  the 
data  with  other  workers. 


Travel  Inc.,  a  corporate  trav¬ 
el  firm  in  Duluth,  Ga.,  found 
keeping  it  simple  a  daunting 
task  when  it  was  planning  an 
application  that  would  let  cus¬ 
tomers  access  itineraries  and 
Department  of  Homeland  Se¬ 
curity  alerts  while  on  the  road. 
The  company’s  customer  base 
of  about  100,000  business 
travelers  uses  myriad  mobile 
devices,  said  Linwood  Hayes, 
its  chief  technology  officer. 

Hayes  eventually  hooked  up 
with  Atlanta-based  Air2Web 
Inc.,  which  helped  him  design 
a  system  that  can  send  infor¬ 
mation  to  any  mobile  device 
worldwide.  The  m-Itinerary 
service,  which  Travel  Inc. 
launched  early  last  year,  relies 
on  the  simplest  mobile  data 
interface  —  Short  Messaging 
Service  —  to  push  information 
to  customers,  Hayes  said. 
©47203 
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Cisco  Adds  High-End 
Router  for  Carriers 

Cisco  Systems  Inc.  introduced  a 
new  top-of-the-line  router  that’s 
aimed  at  telecommunications  car¬ 
riers,  at  least  initially.  The  CRS-1, 
short  for  Carrier  Routing  System, 
is  due  in  July  at  a  starting  price  of 
$450,000.  A  single  16-slot  rack 
can  process  traffic  at  rates  of  up 
to  1.2Tbit/sec.,  Cisco  said,  adding 
that  the  router  can  be  expanded 
to  72  racks  in  eight  interconnect¬ 
ed  chassis  for  maximum  through¬ 
put  of  92Tbit/sec. 


MasterCard  Ties  DB 
To  Oracle  ERP  Apps 

MasterCard  International  Inc.  said 
it  has  integrated  its  global  trans¬ 
action  data  repository,  which  is 
based  on  an  Oracle  Corp.  data¬ 
base,  with  Oracle’s  ERP  software. 
Users  can  activate  the  links  at  no 
extra  cost,  it  said.  The  Purchase, 
N.Y.-based  company  sells  a  con¬ 
nection  to  SAP  AG’s  software  as 
a  stand-alone  product  and  is  now 
working  to  tie  its  repository  to 
PeopleSoft  Inc.’s  applications. 


Info  Builders  Adds 
BPM  Software  Suite 

At  its  annual  user  conference  in 
New  Orleans,  Information  Build¬ 
ers  Inc.  announced  a  suite  of  busi¬ 
ness  performance  management 
software  that  includes  end-user 
dashboards  and  financial  reporting 
tools.  New  York-based  Information 
Builders  said  the  BPM  offering 
starts  at  $50,000  and  supports 
standards  created  by  Balanced 
Scorecard  Collaborative  Inc. 


Xerox  Loses  Patent 
Case  to  PalmOne 

A  U.S.  District  Court  judge  in 
Rochester,  N.Y.,  ruled  that  a 
handwriting-recognition  patent 
held  by  Xerox  Corp.  is  invalid  and 
dismissed  its  infringement  lawsuit 
against  PalmOne  Inc.  The  judge 
said  the  technology  existed  before 
Xerox  patented  its  Unistrokes 
software. 


Postal  Service  Pushes  Envelope 
On  Single  Sign-on  Technology 


Automated  user  ID/password  system 
will  support  more  than  155k  employees 


BY  LINDA  ROSENCRANCE 

he  u.s.  POSTAL  Ser¬ 
vice  this  summer 
plans  to  complete 
the  installation  of 
a  single  sign-on  system  that 
will  support  about  155,000 
end  users  and  more  than  7,000 
applications  and  Web  sites 
—  one  of  the  largest  deploy¬ 
ments  of  the  user  access  tech¬ 
nology  done  thus  far. 

The  new  system  has  already 
been  rolled  out  to  147,000 
users,  and  Bob  Otto,  chief 
technology  officer  at  the 
USPS,  said  last  week  that  the 
11-month  rollout  is  due  to  be 
finished  in  August.  The  new 
system  lets  USPS  workers  log 
onto  1,000  internal  applica¬ 
tions  and  6,000  external  ones 
using  only  their  Windows 
passwords,  Otto  said. 

“If  this  isn’t  the  largest  [de¬ 
ployment]  in  number  of  users, 
it’s  way  up  there,”  said  Jona¬ 
than  Penn,  an  analyst  at  For¬ 
rester  Research  Inc.  in  Cam¬ 
bridge,  Mass.  “By  far,  it’s  the 


largest  in  terms  of  number  of 
applications  supported.” 

The  system  is  built  around 
single  sign-on  software  devel¬ 
oped  by  New  York-based  Pass- 
logix  Inc.,  which  will  announce 
the  deployment  this  week. 

Otto  said  the  USPS  turned  to 
Passlogix’s  v-Go  Single  Sign- 
On  (SSO)  technology  to  solve 
its  No.  1  end-user  problem: 
remembering  passwords. 

Addressing  Security 

“An  average  end  user  had  five 
to  10  different  log-on  IDs  and 
passwords,  and  they  wrote 
them  down  on  little  pieces  of 
paper  and  stuck  them  under 
their  mouse  pads  [or]  under 
keyboards,”  Otto  said.  “They 
hid  them  everywhere  because 
they  couldn’t  remember  them. 
That  was  a  big  security  issue.” 

In  addition,  calls  to  the  help 
desk  by  end  users  who  had  for¬ 
gotten  their  passwords  were 
costing  the  USPS  millions  of 
dollars  per  year  in  operating 
costs,  according  to  Otto. 


Deployment 

Strategy 

■  The  USPS  used  Microsoft’s 
$ystems  Management  Server 
software  to  roll  out  v-Go  SSO 
to  35,000  Hewlett-Packard 
PCs  that  already  were  installed. 

■  It  gave  HP  a  custom  desktop 
image  preloaded  with  62  appli¬ 
cations,  including  v-Go  SSO, 
that  was  installed  on  95,000 
new  PCs  before  delivery. 


Now,  v-Go  SSO  stores  user 
IDs  and  passwords  for  appli¬ 
cations  in  an  encrypted  format 
within  Microsoft  Corp.’s  Ac¬ 
tive  Directory  software,  said 
Wayne  Grimes,  manager  of 
customer  care  operations  in 
the  USPS’s  IT  department. 
When  users  boot  up  their  PCs 
and  start  opening  applica¬ 
tions,  the  software  automati¬ 
cally  enters  their  IDs  and 
passwords,  he  said. 

Even  with  the  rollout  not 
yet  completed,  the  help  desk 
currently  averages  only  about 
10  password-related  calls  per 


day  —  most  of  which  involve 
questions  about  using  v-Go, 
Grimes  said.  That’s  a  far  cry 
from  the  “thousands  and  thou¬ 
sands”  of  calls  help  desk 
staffers  used  to  get,  he  added. 

The  USPS  has  been  able  to 
deploy  the  Passlogix  software 
without  modifying  any  appli¬ 
cations,  Otto  said,  noting  that 
he  assigned  just  one  IT  techni¬ 
cian  to  work  on  the  project  full 
time  and  another  part  time. 

Otto  estimated  that  it  would 
have  cost  $15  million  to  $25  mil¬ 
lion  to  modify  the  USPS’s  in¬ 
ternal  applications  for  a  home¬ 
grown  single  sign-on  approach. 
He  declined  to  disclose  what 
the  USPS  paid  for  v-Go  SSO 
but  said  the  deployment  will 
cost  less  than  $200,000. 

In  the  past,  single  sign-on 
software  required  IT  man¬ 
agers  to  write  scripts  for  the 
applications  being  supported, 
Penn  said.  That  led  many 
users  to  curb  the  scope  of 
projects,  he  added.  But  the 
rollout  at  the  USPS  “should 
really  be  a  wake-up  call  to 
organizations  that  are  strug¬ 
gling  with  password  manage¬ 
ment,”  Penn  said.  ©  47188 


BEA  Lays  Out  Plans  for  Diablo  App  Server 


BY  JAMES  NICCOLAI 

BEA  Systems  Inc.  aims  to  help 
users  reduce  their  application 
downtime  and  cut  the  cost  of 
integration  projects  with  the 
next  major  release  of  its  Web- 
Logic  Server  software,  due  in 
the  first  half  of  next  year. 

Code-named  Diablo,  Web- 
Logic  Server  9.0  is  due  for  beta 
release  in  September,  with  the 
final  release  slated  for  the  first 
half  of  2005,  said  Andrew  Lit¬ 
tlefield,  a  senior  director  of 
product  management  at  San 
Jose-based  BEA. 

Diablo  will  let  users  up¬ 
grade  and  patch  applications 
—  as  well  as  the  application 
server  itself  —  without  having 
to  take  their  systems  off-line, 


he  said.  That  feature  is  impor¬ 
tant  for  businesses  that  need 
the  highest  levels  of  availabili¬ 
ty,  such  as  banks. 

Users  will  be  able  to  load 
and  test  a  second  instance  of 
their  applications 
on  their  application 
servers  and  keep 
the  first  instance 
running  after  they 
go  live,  in  case  they 
need  to  migrate 
back  quickly.  They  will  initial¬ 
ly  be  able  to  do  this  only  with 
Web  applications,  however; 
support  for  message-driven 
and  rich-client  applications 
will  come  later,  Littlefield  said. 

“The  plus  about  Diablo  is 
that  they  are  realizing  that 


BEA  operates  in  a  universe  of 
many  other  systems,  and  tak¬ 
ing  down  an  application  serv¬ 
er  for  updates  or  even  apply¬ 
ing  patches  is  not  an  option 
for  companies  looking  to  Web- 
Logic  as  a  reliable 
part  of  their  infra¬ 
structure,”  said  Ron 
Schmelzer,  an  ana¬ 
lyst  at  ZapThink 
LLC  in  Waltham, 
Mass. 

The  upgrade  will  support 
XML  Beans  2.0  and  several 
other  new  standards,  includ¬ 
ing  J2EE  1.4,  WS-Reliable 
Messaging,  WS-Addressing 
and  the  Security  Assertion 
Markup  Language. 

“We  don’t  see  many  usage 


cases  where  you  need  [IBM’s] 
MQor  Tibco.  We  want  you, 
out  of  the  box,  to  be  able  to 
use  WebLogic  Server  as  a 
composite  applications  frame¬ 
work,  without  needing  to  buy 
additional  messaging  or  bus 
products,”  Littlefield  said. 

Schmelzer  said  he  found 
that  curious,  given  BEA’s  usual 
position  that  its  products  aug¬ 
ment,  rather  than  replace,  ex¬ 
isting  infrastructure  software 
for  building  service-oriented 
architectures. 

“They  should  stick  to  the 
story  of  BEA  working  well 
with  all  the  existing  systems 
and  not  pushing  to  have 
WebLogic  replace  any  that  are 
in  use,”  he  said.  ©  47217 


Niccolai  writes  for  the  IDG 
News  Service. 
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BEA  rethinks  the  browser  tor 
mobile  workers: 
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Microsoft 

the  timetable  that  the  software 
maker  set  in  October  2002. 
The  old  plan  called  for  five 
years  of  mainstream  support 
and  two  years  of  extended  sup¬ 
port.  Under  the  updated  poli¬ 
cy,  there  will  be  a  minimum  of 
five  years  of  mainstream  sup¬ 
port  followed  by  five  years  of 
extended  support. 

“It  is  very  welcome  news. 
The  big  challenge  we  face  is 
the  logistical  issue  of  upgrad¬ 
ing  30,000  devices  across  more 
than  5,000  locations.  It  is  a 
huge  undertaking,”  said  Ron 
Cook,  vice  president  of  tech¬ 
nology,  strategy  and  operations 
at  RadioShack  Corp.  “When 
we  have  to  do  an  upgrade  sole¬ 
ly  due  to  the  product  ending  its 


support  life  rather  than  techni¬ 
cal  reasons,  it  is  a  big  expense. 
The  extra  support  time  will  al¬ 
low  us  to  schedule  upgrades 
for  the  right  reasons.” 

But  the  new  mainstream 
and  extended  support  policy 
will  apply  only  to  software  re¬ 
leased  during  the  past  five 
years,  said  Peter  Houston, 
Microsoft’s  senior  director  of 
servicing  strategy.  He  said  that 
he  is  not  aware  of  any  excep¬ 
tions  being  made.  He  also  not¬ 
ed  that  the  new  plan  won’t 
cover  Windows  NT  4.0  Server 
or  Exchange  5.5.  The  extended 
support  period  for  those  two 
products  is  due  to  expire  at 
the  end  of  this  year. 

The  mainstream  support 
phase  provides  for  no-charge 
incident  support,  support  for 
warranty  claims  and  hot-fix 
support,  as  well  as  paid  per- 


incident  support  and  support 
charged  on  an  hourly  basis. 
Extended  support  essentially 
includes  the  paid  options  — 
with  the  exception  of  security 
hot  fixes,  which  are  still  free 
during  that  phase. 

“Since  their  10-year  support 
does  not  include  anything  I  am 
running,  it  really  is  very  use¬ 
less  to  me,”  said  David  Curran, 
manager  of  IT  at  CE  Franklin 
Ltd.  in  Calgary,  Alberta.  He  said 
60%  of  his  company’s  Win¬ 
dows  servers  run  NT,  includ¬ 
ing  those  with  Exchange  5.5. 

Some  customers  who  have 
yet  to  migrate  off  older  prod¬ 
ucts  may  consider  paid  exten¬ 
sion  options  from  Microsoft 
or  third-party  vendors,  unless 
they  decide  to  run  the  prod¬ 
ucts  unsupported. 

Several  users  said  they  have 
been  forced  to  keep  older  ver- 


I 


Microsoft  Unveils  Team 
System  for  Visual  Studio 

SAN  DIEGO 

The  newly  unveiled  Team  System 
addition  to  Microsoft’s  upcoming 
Visual  Studio  2005  release  will 
represent  substantial  change  for 
users  of  prior  versions  of  the  de¬ 
velopment  product. 

Never  before  have  they  had 
access  to  development,  design 
and  testing  tools  built  into  a  sin¬ 
gle  product.  The  Team  System  is 
intended  to  foster  better  collabo¬ 
ration  among  architects,  develop¬ 
ers  and  IT  professionals. 

“We've  seen  a  lot  of  isolation 
and  disconnect,”  said  Theresa 
Lanowitz,  an  analyst  at  Gartner 
Inc.  She  added  that  Team  System 
should  help  users  who  are  build¬ 
ing  service-oriented  applications, 
which  tend  to  require  greater  ar¬ 
chitectural  effort. 

Several  developers  expressed 
interest  in  the  Visual  Studio  Team 
System.  “It  eliminates  some  of  the 
hassle  of  going  back  and  forth  be¬ 
tween  developing  the  software, 
deploying  it  and  keeping  track 
and  managing  all  the  different 
tasks  and  testing  it,"  said  Andia 
Henries-King,  an  application 
manager  in  clinical  systems  at 
Otsuka  Maryland  Research  Insti¬ 
tute  Inc.  in  Rockville,  Md. 


She  said  she  does  a  little  mod 
eling  now  but  expects  to  do  more 
once  those  capabilities  are  built 
into  Visual  Studio.  “You  use  differ¬ 
ent  products,  and  sometimes  they 
don’t  all  work  together,”  Henries- 
King  said.  “But  having  it  all  in  one 
place  makes  it  a  lot  easier." 

Victor  Stuart,  an  Indianapolis- 
based  business  solutions  analyst 
at  Sallie  Mae  Inc.,  said  it  would  be 
helpful  to  “flush  out”  testing  sce¬ 
narios  while  working  in  the  inte¬ 
grated  development  environment. 

“It  would  save  time,  and  it 
would  prevent  us  from  forgetting 
things  that  we  need  to  do,”  he 
said.  “When  we  develop  an  appli¬ 
cation,  we  have  to  go  back  and 
figure  out  what  places  to  check. 
You  could  possibly  do  that  as  you 
went  along  in  the  development 
process,  as  opposed  to  having  to 
remember  everything  or  make 
notes  in  a  Word  document  or 
Notepad.” 

Also  at  its  Tech  Ed  conference 
here,  Microsoft  launched  the  2.0 
version  of  Web  Services  En¬ 
hancements  (WSE),  a  free  add¬ 
on  for  Visual  Studio  .Net  and  the 
.Net  Framework.  The  new  edition 
features  support  for  the  WS- 
Security  specification,  which  was 


at 


finalized  earlier  this  year  by  the 
Organization  for  the  Advance¬ 
ment  of  Structured  Information 
Standards. 

WSE  2.0  also  supports  early 
versions  of  several  Web  services 
specifications,  including  WS- 
Policy,  WS-SecureConversation, 
WS-Trust  and  WS-Addressing. 
Microsoft  and  other  vendors  are 
working  on  those  technologies, 
but  they  have  yet  to  be  turned 
over  to  a  standards  body. 

Furrukh  Khan,  a  professor  of 
electrical  and  computer  engineer¬ 
ing  at  Ohio  State  University,  said 
his  development  team  uses  WSE 
fully  aware  that  some  specifica¬ 
tions  may  change.  But  as  a  tester 
of  WSE,  he  has  seen  changes 
every  month  and  has  found  that  it 
takes  only  three  to  four  hours  to 
move  to  a  new  version. 

“The  gains  outweigh  the 
costs,”  Khan  said,  noting  that 
WSE  reduced  the  amount  of 
work  developers  needed  to  do 
to  build  13  Web  services  for  the 
Ohio  State  University  Medical 
Center.  “WSE  comes  out  of  the 
box  with  many  security  asser¬ 
tions  implemented.” 

Microsoft  also  released  a  tech¬ 
nical  beta  of  the  Office  Informa¬ 
tion  Bridge  Framework,  integrated 
tools  that  developers  can  use  to 
connect  Office  to  other  systems 
using  XML  and  Web  services. 

-  Carol  Sliwa 


sions  of  Windows  and  other 
Microsoft  products  as  a  result 
of  application  dependencies 
involving  software  built  by 
third-party  vendors. 

However,  Houston  said  older 
products  are  “not  as  service¬ 
able”  due  to  advances  in  soft¬ 
ware  development  technolo¬ 
gies  and  methodologies.  Hous¬ 
ton  added  that  products  ship¬ 
ping  eight  to  10  years  ago  were 
designed  well  before  many  of 
the  most  serious  security- 
threat  models  had  surfaced. 

“We  have  been  working 
with  customers  for  quite  a 
while  to  get  them  to  migrate 
off  of  NT  because  we  have 
concerns  over  our  ability  to 
provide  security  for  NT  4,”  he 
said.  “We  believe  that  NT  4 
has  reached  the  point  of  archi¬ 
tectural  obsolescence.” 

Houston  said  Microsoft 
“would  be  sending  the  mes¬ 
sage  that  we  thought  we  could 
secure”  NT  4  if  the  company 
retroactively  applied  the  new 
10-year  support  policy.  “We 
believe  that  would  not  be  re¬ 
sponsible  for  us  to  give  that 
false  sense  of  security,”  he  said. 

The  Next  Step 

Several  users  expressed  sup¬ 
port  for  Microsoft’s  decision, 
announced  at  the  Tech  Ed 
2004  conference  here,  and 
noted  that  they  have  been 
working  to  complete  migra¬ 
tions  off  of  NT  Server. 

“For  us,  information  securi¬ 
ty  is  more  important  than  ex¬ 
tending  the  NT  life  cycle,” 
said  Bob  Dutile,  an  executive 
vice  president  in  IT  at  Cleve¬ 
land-based  KeyCorp.  “We  pre¬ 
fer  working  off  a  more  secure 
core  code  base  and  concur 
with  Microsoft  that  replace¬ 
ment  of  NT  has  been  the  su¬ 
perior  option.  We  expect  to 
continue  to  lower  our  cost  of 
managing  patch  administra¬ 
tion  as  we  complete  our  re¬ 
placement  of  NT.” 

“While  it  would  be  better  for 
them  to  extend  it  to  the  10 
years  that  they  are  for  every¬ 
thing  else,  I  understand  their 
concerns  around  security,”  said 
Diane  Bunch,  senior  vice  presi¬ 
dent  of  information  services  at 
the  Tennessee  Valley  Authori¬ 
ty.  She  said  the  TVA  has  mi¬ 
grated  70%  of  its  NT  servers  to 


COMPARING  THE 
OLD  AND  NEW 


DURATION  OF 
MAINSTREAM  SUPPORT 
Existing  policy:  Five  years 
New  policy:  Minimum  of  five 
years 

DURATION  OF 
EXTENDED  SUPPORT 
Existing  policy:  Two  years 
New  policy:  Minimum  of  five 
years 

MINIMUMS 
Existing  policy:  None 
New  policy:  Mainstream  Support 
is  the  greater  of  five  years  or  two 
years  after  the  “N+1”  release 
ships.  Extended  Support  is  the 
greater  of  five  years  or  two  years 
after  the  “N+2”  release  ships. 


Windows  2000  and  is  working 
on  the  rest. 

Some  users  questioned  Mi¬ 
crosoft’s  rationale.  Jon  Dell’An- 
tonia,  vice  president  of  IT  at 
OshKosh  B’Gosh  Inc.  in  Osh¬ 
kosh,  Wis.,  said  he  found  Mi¬ 
crosoft’s  explanation  “curious, 
[given]  the  amount  of  patches 
and  holes  exploited  in  the  cur¬ 
rent  products.”  He  added  that 
although  NT  probably  is  less 
secure  than  newer  Windows 
versions,  it’s  also  rare  that 
viruses  target  it  and  older 
desktop  operating  systems. 

Dell’Antonia  said  it  would 
have  been  preferable  if  Micro¬ 
soft  had  extended  support  for 
NT.  His  company  has  600  cash 
registers  running  NT  Work¬ 
station  and  150  stores  running 
NT  Server.  On  the  other  hand, 
he  said,  it’s  no  shock  to  see 
support  end,  since  Microsoft 
is  merely  “doing  what  they 
said  they  were  going  to  do.” 

Dennis  Callahan,  CIO  at 
The  Guardian  Life  Insurance 
Company  of  America  in  New 
York,  said  he  has  no  quibble 
with  migrating  the  company’s 
NT  servers,  considering  the 
aging  operating  system’s  “ob¬ 
vious”  security  weaknesses. 

But  Callahan  added  that  he 
finds  Microsoft’s  “willingness 
to  extend  support  to  fix  their 
security  bugs  for  a  fee  to  be 
inconsistent  with  both  the 
newly  announced  policy  and 
their  stated  reason  for  not  ex¬ 
tending  the  new  policy  retro¬ 
actively  to  NT.”  O  47207 
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Torvalds  Proposes  Tighter 
Tracking  for  Linux  Kernel 


Digital  Document 
Security  and  IT: 
Everything  you 
need  to  know. 

Q#  What  are  the  most  significant 
•  digital  copier  security  issues? 

A#  Various  copier  print  controllers 
•  are  actually  servers  that  queue 
and  permanently  store  multiple 
document  files,  providing  administrator 
access  to  the  documents.  At  a 
minimum,  most  digital  copiers  retain 
the  last  document  processed;  some 
even  retain  multiple  documents 
totaling  hundreds  of  pages.  Others 
redirect  print  jobs  when  the  printer  is 
busy  or  jammed,  making  "denial  of 
service" attacks  possible. 

Q#  How  does  Sharp  protect  the 
•  network  interface? 

The  Sharp  Ethernet  card  allows 
•  administrators  to  restrict 
access  and  disable  unnecessary 
protocols.  With  this  network  card,  the 
Sharp  digital  copier  is  essentially 
protected  by  its  own  firewall. 

Q#  How  can  you  be  sure  that 
•  security  products  actually 
perform  as  claimed? 

A#  The  Common  Criteria 

•  program — administered  by 
the  U.S.  National  Security  Agency  and 
the  National  Institute  of  Standards 
and  Technology — evaluates  security 
solutions.  Products  that  are  validated 
under  the  program  meet  security 
levels  consistent  with  ISO  1 5408 
methodology. 

Qe  How  can  Sharp  improve  IT 
•  security? 

A#  Sharp  offers  print  privacy 
•  solutions  designed  to  restrict 
unauthorized  personnel  from  seeing 
confidential  materials.  Copier  access 
can  be  controlled  and  monitored, 
while  documents  retained  in  printer/ 
copier/scanner/fax  memory  are 
immediately  cleared  to  eliminate 
unauthorized  access. 


sharpusa.com 


.  be  sharp 

©2004  Sharp  Electronics  Corporation. 


Move  could  resolve 
ownership  questions 

BY  ROBERT  MCMILLAN 

Linux  creator  Linus  Torvalds  has  pro¬ 
posed  changes  to  the  kernel  develop¬ 
ment  process  that  would  make  it  easier 
for  Linux  kernel  developers  to  respond 
to  questions  regarding  source  code 
ownership  such  as  those  raised  by 
The  SCO  Group  Inc.  in  its  multibillion- 
dollar  lawsuit  against  IBM. 

In  an  e-mail  sent  May  22  to  the  Linux 
kernel  mailing  list,  Torvalds  proposed 
that  kernel  developers  begin  certifying 
that  the  code  they  contribute  is  entitled 
to  be  included  in  the  Linux  kernel.  He 
also  suggested  a  technique  for  “signing 
off  on  patches”  that  would  better  track 
which  developers  had  handled  source 
code  contributions. 

That  idea  won  the  backing  of  Open 
Source  Development  Labs  Inc.,  which 
last  week  announced  its  support  for 
the  proposed  changes  to  the  kernel- 
submission  process. 

Under  that  process,  “contributions 
to  the  Linux  kernel  may  only  be  made 
by  individuals  who  acknowledge  their 
right  to  make  the  contribution  under 
an  appropriate  open-source  license,” 
the  OSDL  said  in  a  statement.  “The  ac¬ 
knowledgement,  called  the  Develop¬ 
er’s  Certificate  of  Origin,  tracks  contri- 


Firewall  products  will 
compete  with  Cisco’s 

BY  JORIS  EVERS 

Taking  aim  at  security  appliance  ven¬ 
dors,  Microsoft  Corp.  last  week  said 
that  hardware  makers  will  sell  its 
forthcoming  Internet  Security  and 
Acceleration  Server  2004  software 
preinstalled  on  their  devices. 

Hewlett-Packard  Co.,  Celestix  Net¬ 
works  Inc.  and  Network  Engines  Inc. 
will  be  the  first  hardware  makers  to  of¬ 
fer  appliances  based  on  the  ISA  Server 
firewall,  virtual  private  network  and 
Web  cache  product,  Microsoft  officials 
said.  The  devices  will  compete  with 
appliances  sold  by  Check  Point  Soft¬ 
ware  Technologies  Ltd.,  Cisco  Systems 
Inc.  and  others. 


butions  and  contributors.  The  DCO 
ensures  that  appropriate  attribution  is 
given  to  developers  of  original  contri¬ 
butions  and  derivative  works,  as  well  as 
to  those  contributors  who  receive  sub¬ 
missions  and  pass  them,  un¬ 
changed,  up  the  kernel  tree.” 

All  contributors  to  the  ker¬ 
nel  will  be  asked  to  sign  off 
on  any  submission  before  it 
will  be  considered  for  inclu¬ 
sion,  the  OSDL  said.  The 
Beaverton,  Ore.-based  group 
also  plans  to  launch  an  edu¬ 
cational  campaign  for  devel¬ 
opers  and  users  about  the 
DCO  and  the  new  submis¬ 
sion  process. 

Torvalds’  plan,  now  the  subject  of 
discussion  among  kernel  developers, 
could  be  adopted  in  time  for  the  devel¬ 
opment  of  the  Linux  2.7  kernel,  Tor¬ 
valds  said  in  an  e-mail  interview.  “I 
think  we’re  going  to  do  it,  although 
realistically  it  probably  won’t  be  all  up 
and  running  until  maybe  a  couple  of 
months  from  now,”  he  said. 

Torvalds  himself  has  been  subpoe¬ 
naed  as  part  of  the  SCO  vs.  IBM  law¬ 
suit  [QuickLink  42849],  and  while  he 
acknowledged  that  SCO’s  claims  pro¬ 
vided  a  “big  impetus”  for  the  changes, 
he  said  the  move  was  also  designed  to 
reassure  Linux  users  and  stakeholders 
who  aren’t  involved  in  the  kernel  de- 


HP  plans  to  start  selling  the  ProLiant 
DL320  firewall,  VPN  and  caching  serv¬ 
er  running  ISA  Server  2004  in  the  third 
quarter.  The  product  will  cost  $3,000 
and  will  be  aimed  primarily  at  midsize 
companies  and  organizations  in  the 
public  sector,  said  Rick  Fricchione,  an 
HP  vice  president. 

Fremont,  Calif. -based  Celestix  plans 
to  start  selling  its  MSA4000  firewall, 
VPN  and  caching  appliance  in  the 
third  quarter  for  $2,495.  Canton,  Mass.- 
based  Network  Engines  said  it  will  of¬ 
fer  a  firewall  for  Microsoft’s  Exchange 


velopment  process.  “People  who  don’t 
understand  how  I  interact  with  the 
people  I  work  with  literally  feel  better 
just  having  it  down  more  as  a  docu¬ 
mented  process,”  Torvalds  said. 

The  proposed  changes  will  make  it 
easier  for  companies  that  contribute  to 
the  Linux  kernel  to  standardize  their 
development  processes  and  “will  pla¬ 
cate  some  CEOs  and  CTOs  waiting  for 
the  outcome  of  SCO’s  legal  claims 
against  IBM,”  said  Stacey  Quandt,  an 
analyst  at  Santa  Clara,  Calif.- 
based  Quandt  Analytics. 

However,  Torvalds’  plan 
doesn’t  address  questions 
that  executives  may  have 
about  code  that  has  already 
been  contributed  to  the  Lin¬ 
ux  kernel,  Quandt  said.  “This 
limitation  will  still  leave 
some  senior  executives  on 
the  sidelines,  potentially  be¬ 
yond  the  outcome  of  SCO’s 
case,”  she  noted. 

SCO  claims  that  the  Linux  kernel  il¬ 
legally  includes  Unix  System  V  code. 
The  Lindon,  Utah-based  company  has 
released  a  number  of  snippets  of  code, 
all  of  which  have  been  analyzed  in 
depth  by  the  open-source  community. 

The  documentation  process  would 
make  it  easier  to  debunk  similar  claims 
in  the  future,  Torvalds  said.  “One  of 
the  reasons  for  this  is  that  10  years 
from  now  . . .  we’ll  have  explicitly  doc¬ 
umented  what  we  now  basically  take 
for  granted,”  he  said,  ©  47164 


McMillan  writes  for  the  IDG  News 
Service.  Computerworld’s  Ken  Mingis 
contributed  to  this  report 


Server  e-mail  product  but  didn’t  an¬ 
nounce  pricing  or  availability. 

ISA  Server  is  designed  to  help  users 
protect  Microsoft  applications,  such  as 
the  Exchange  e-mail  server,  Internet 
Information  Services  Web  server  and 
SharePoint  collaboration  tools.  ISA 
Server  offers  application  filters  for 
these  and  other  Microsoft  products. 

Both  Microsoft  and  HP  expect  the 
appliances  to  be  used  as  an  applica¬ 
tion-specific  second  layer  of  defense 
when  installed  in  large  organizations 
and  as  the  only  firewall  product  in 
smaller  ones. 

ISA  Server  2004  Standard  Edition 
will  cost  $1,499  per  processor  and  will 
ship  in  the  third  quarter.  An  enterprise 
edition  is  due  by  year’s  end.  ©  47163 


Evers  writes  for  the  IDG  News  Service. 


HP,  Others  to  Sell  Appliances  With  Microsoft’s  ISA  Server 


TORVALDS;  Plan 
may  be  in  effect  for 
development  of  the 
Linux  2.7  kernel. 


Trends  in  Proprietary  Information  Loss  Survey  (ASIS  2002).  ©2004  Sharp  Electronics  Corporation. 


How  secure  is  your  digital  information? 


Protect  your  information  with  the  Data  Security 
Kit  from  Sharp.  Financial  facts,  personnel  records, 
customer  lists:  networked  copiers/printers  process 
sensitive  information  every  day.  Unfortunately,  their 
hard  drives  can  also  be  accessed  via  the  network, 
contributing  to  $60  billion  worth  of  information 
theft  every  year*  To  protect  this  weak  link  in  your 


corporate  security,  we've  created  our  Data  Security 
Kit.  It's  the  first  copier  and  printer  protection  to 
be  validated  by  Common  Criteria,  a  government- 
sponsored  program,  and  it's  available  only  with 
our  Digital  IMAGER™  series  of  copiers/printers. 
Sharp's  Data  Security  Kit.  Enhanced  information 
protection  at  your  fingertips,  sharpusa.com/security 
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MARYFRAN  JOHNSON 


Big  Brother  IT 


I  ALWAYS  READ  e-mail-monitoring  stories  with 
a  squeamish  surge  of  discomfort  at  the  very 
idea  of  it  all.  Although,  as  a  manager,  I  under¬ 
stand  the  corporate  motivation  behind  the  es¬ 
calating  spread  of  technologies  used  to  track 
employee  activities  online.  In  fact,  in  this  week’s  “In¬ 
formation  Highway  Patrol”  story  on  page  28  [Quick- 
Link  45790],  we’ve  covered  many  of  them. 


There’s  a  professional 
football  team  that’s  wor¬ 
ried  about  protecting  its 
brand  from  “inappropri¬ 
ate”  online  behaviors. 

There’s  a  fitness  center 
hoping  to  boost  employee 
productivity  by  restrict¬ 
ing  Web  use  to  certain 
health-related  sites. 

There’s  a  medical  facility 
intent  on  conserving  net¬ 
work  resources  by  moni¬ 
toring  every  e-mail,  in¬ 
stant  message,  chat  ses¬ 
sion  and  keystroke. 

Yet  the  practice  of  e-mail  monitor¬ 
ing  evokes  in  me  a  feeling  akin  to  that 
classic  anxiety  dream  where  you’re 
at  the  prom  wearing  only  your  under¬ 
wear  but  desperately  pretending  no¬ 
body  else  notices.  Just  act  normal,  you 
tell  yourself. 

Which  is  what  we  all  do  on  e-mail, 
our  e-home  away  from  home.  We 
communicate  freely,  making  smartass 
remarks,  exchanging  gossip,  spouting 
opinions,  unwilling  or  unable  to  stop 
ourselves  from  being  ourselves. 
Sometimes,  when  I’m  sending  a  note 
that’s  particularly  sensitive,  I’ll  em¬ 
ploy  a  couple  of  dorky  features  in  Lo¬ 
tus  Notes,  marking  it  “confidential” 
and  checking  the  box  that  says  “pre¬ 
vent  copying.”  Any  serious  techie 
would  snort  beer  through  his  nose 
laughing  at  the  ease  of  bypassing  such 
features.  So  I  know  it’s  pointless. 

Technologically,  content  monitor- 
ini  is  getting  easier  to  do  but  more 
complex  and  expensive  to  manage. 

Sr  j logically,  today’s  business  and  reg¬ 
ulatory  climate  demand  audit-worthy 
efforts  to  safeguard  information. 
Legally,  there’s  no  question  that  com¬ 
panies  not  only  have  the  right  to  mon- 
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itor  employee  e-mails  but 
also  the  duty  to  ensure 
that  IT  resources  aren’t 
being  used  for  illegal  pur¬ 
poses  such  as  harassment 
or  intellectual  property 
theft.  Many  companies  are 
careful  to  remind  employ¬ 
ees  that  there’s  no  work¬ 
place  right  to  privacy. 

What  worries  me  about 
Big  Brother  IT  isn’t  just 
the  thankless  nature  of 
employee  monitoring 
but  the  ultimate  futility 
of  it.  Enterprises  are  becoming  more 
porous  every  day,  with  as  many  peo¬ 
ple  working  remotely  as  within  com¬ 
pany  walls.  Where  does  work  life 
end  and  private  life  begin  when  the 
boundaries  between  them  are  contin¬ 
ually  in  flux? 

Resentment  about  being  tracked 


everywhere  we  click  is  growing,  not 
diminishing.  And  this  hornet’s  nest 
shouldn’t  be  dropped  in  the  laps  of  IT 
managers.  It  belongs  to  HR,  which 
unfortunately  happens  to  be  the  one 
department  IT  people  do  their  best  to 
avoid.  Not  a  good  plan  when  it  comes 
to  this  mess. 

“It’s  a  question  of  setting  expecta¬ 
tions  of  how  much  of  a  problem  the 
technology  will  solve  and  how  much 
has  to  be  addressed  by  more  creative, 
thoughtful  evolution  of  organizational 
culture,”  says  Danny  Weitzner,  a  pri¬ 
vacy  expert  and  the  World  Wide  Web 
Consortium’s  technology  and  society 
domain  leader.  He  notes  that  e-mail 
monitoring  is  merely  the  tip  of  an  ice¬ 
berg  of  technologies  (such  as  proximi¬ 
ty  cards  with  RFID  chips)  that  will  be 
collecting  “phenomenal  amounts  of 
information”  about  us  all  —  for  pur¬ 
poses  that  remain  unclear. 

“IT  people  are  not  good  at  making 
these  judgments  on  filtering  policies,” 
Weitzner  points  out.  “The  best  place 
to  work  that  out  is  not  when  you’re 
upgrading  your  network  infrastruc¬ 
ture.” 

He’s  right,  and  I  wonder  how  many 
companies  are  still  thinking  technolo¬ 
gy  first  and  HR  policies  last.  Where 
will  that  leave  IT?  Out  patrolling  the 
information  highway  with  no  backup. 
©  47176 
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DAVID  MOSCHELLA 

Users  Are 
Taking  the 
Lead  in  IT 

OVER  the  past  several 
years,  few  IT  industry 
developments  have 
been  covered  by  the  media  as 

eagerly  as  Wal-Mart’s  efforts  in  RFID 
and  McDonald’s  and  Starbucks’  sup¬ 
port  for  Wi-Fi.  Much  of  this  interest 
stems  from  the  simple  fact  that  most 
people  prefer  to  read  and  write  about 
things  they  actually  know  something 
about.  Most  stories  about  the  projects 
of  IT  customers  are  a  step  or  two  away 
from  our  daily  experiences,  which 
makes  them  feel  somewhat  less  real 
and  compelling. 

But  there’s  also  a  deeper,  more  im¬ 
portant  attraction  at  work.  These  sto¬ 
ries  are  telling  us  that  something  in  the 
technology  business  is  changing.  The 
establishment  of  ma¬ 
jor  new  information 
technologies  has 
nearly  always  been  a 
vendor-led  process. 

But  with  RFID  and 
Wi-Fi,  it  seems  clear 
that  it’s  customers 
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who  are  taking  the 
lead.  This  is  indeed 
newsworthy. 

Look  back  at  the 
evolution  of  the  key 
technologies  we 
work  with  today. 

Who  did  most  of  the 
initial  promotion, 
who  drove  the  stan¬ 
dards  process,  and  who  tried  to  set  the 
timetable  for  the  marketplace  to  .move 
forward?  Overwhelmingly,  IT  vendors 
took  the  lead  on  these  types  of  issues. 
But  can  you  name  any  major  RFID  or 
Wi-Fi  suppliers?  Most  of  us  can’t,  but 
even  the  general  public  seems  to  know 
what’s  happening  at  Wal-Mart,  Star- 
bucks  and  McDonald’s. 

Ultimately,  the  establishment  of  a 
new  technology  is  about  leadership, 
risk-taking  and  doing  whatever  is  nec¬ 
essary  to  help  it  reach  critical  mass. 
This  is  what  IT  vendors  are  financial¬ 
ly  motivated  to  do,  and  it’s  what  they 
stay  up  at  night  worrying  about.  That’s 
why  it’s  so  easy  for  them  to  slip  over 
the  line  into  hype.  The  pressure  on 
them  to  promote  and  succeed  is  often 
relentless. 
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But  isn’t  this  exactly  what  is  happen¬ 
ing  now  with  Wal-Mart?  The  company 
is  becoming  synonymous  with  the 
commercial  use  of  RFID  in  the  same 
way  that  PalmOne  has  been  with 
PDAs,  or  Microsoft  with  tablet  PCs. 
This  means  that  if  RFID  technology 
proves  to  be  immature,  if  partners  re¬ 
sist  or  if  key  deadlines  are  missed,  it’s 
Wal-Mart  that  will  take  the  media  heat 
and  lose  credibility,  just  as  Microsoft 
does  when  projects  such  as  Longhorn 
stretch  into  the  indefinite  future. 

From  a  broader  industry  perspective, 
the  key  question  is  whether  this  shift 
from  supplier  to  customer  leadership 
is  limited  to  these  isolated  cases  or  is 
part  of  a  wider  trend.  The  evidence 
suggests  that  it’s  the  latter.  Look  at  the 
role  that  Amazon  is  playing  in  Web 
services,  or  the  way  RosettaNet  and 
others  are  moving  forward  on  the  next 
generation  of  supply  chain  standards. 

For  decades,  customers  have  com¬ 
plained  that  IT  vendors  hype  their 
products  and  deliberately  build  in  self- 
serving  levels  of  incompatibility.  They 
have  accused  vendors  of  everything 
from  greed  to  incompetence  and  dis¬ 
honesty.  But  these  same  customers  will 
soon  find  out  whether  they  can  do  the 
job  any  better  themselves.  If  they  can’t, 
today’s  mostly  friendly  media  coverage 
will  surely  turn  sour.  ©  46982 

VIRGINIA  ROBBINS 

Keeping 
Replacements 
On  Track 

IT  WAS  a  great  day  for  a 
bike  ride.  I  planned  a 
short  one,  out  of  the 

neighborhood  and  over  the 
railroad  tracks.  The  tracks  are  no 
longer  used,  but  for  some  reason,  prob¬ 
ably  related  to  the  expense,  my  town 
hasn’t  removed  them. 

Off  I  went,  down  the  road,  over  the 
railroad  tracks,  around  the  corner  and 
then  —  a  bus.  I  needed  to  be  on  the 
other  side  of  the  tracks  —  quickly. 
Swerving,  I  turned  back  across  the 
rails.  In  slow  motion,  I  saw  my  front 
wheel  slide  across  the  rail,  into  a  rut  in 
the  asphalt,  and  stop.  Just  before  I  fell, 

I  thought:  This  is  going  to  hurt. 

It  wasn’t  the  First  time  old  infra¬ 
structure  has  caused  me  pain.  Why  is  it 
that  old  equipment  seems  to  die  only 
after  you  identify  the  need,  design  a 


solution  and  get  the  budget 
approved,  but  never  after 
the  newer,  more  reliable 
stuff  is  installed? 

Before  Y2k,  you  could  be 
certain  that  there  was  old 
equipment  somewhere  in 
your  organization,  living 
long  past  its  depreciation 
schedule,  serving  a  few  mid¬ 
size  clients  or  a  small  but 
profitable  program  in  the 
accounting  department.  Its 
function  never  provided 
enough  value  to  justify  re¬ 
placing  the  equipment.  The 
old  stuff  remained  part  of  your  infra¬ 
structure,  just  useful  enough  to  be 
declared  an  “exception  to  standards.” 
Eventually,  it  would  start  to  die  and  you 
could  execute  your  replacement  plan. 

You  did  have  a  plan,  didn’t  you? 

Thank  goodness  for  Y2k.  Not  only 
was  all  of  the  old  equipment  identified 
and  documented,  but  we  were  also 


working  in  the  best  inter¬ 
ests  of  our  companies 
when  we  replaced  it.  Those 
little  date  tests  suddenly 
put  all  those  exceptions  to 
standards  at  the  top  of  the 
replacement  list.  Finally,  all 
that  old,  about-to-die 
equipment  was  gone. 

I  only  wish  railroad 
tracks  were  date-enabled. 

Between  Y2k  and  the  en¬ 
suing  need  to  support  dot¬ 
com  initiatives,  I’ve  gotten 
used  to  a  more  modern  in¬ 
frastructure.  However,  as 
time  passes,  I’m  anticipating  requests 
to  make  exceptions  to  standards. 

In  today’s  do-more-with-less  post- 
dot-com  world,  it’s  hard  to  justify  re¬ 
placing  older  infrastructure  items  that 
aren’t  broken,  are  still  fully  supported 
by  their  manufacturers  and  are  virus- 
and  worm-free.  Given  a  choice  be¬ 
tween  spending  scarce  investment 


dollars  on  projects  to  build  sales  vol¬ 
ume  or  to  help  operations  become 
more  efficient,  replacing  older  equip¬ 
ment  is  a  low  priority. 

Yet  there’s  hope.  It’s  our  job  to  align 
technology  efforts  in  support  of  busi¬ 
ness  needs  and  to  advocate  for  tech¬ 
nology  improvements  that  enable 
business  change.  Older  equipment 
increases  risk  and  limits  opportuni¬ 
ties,  which  justifies  some  attention 
and  expense.  So  you  outsource  some 
of  the  functionality  and  use  new  tech¬ 
nologies  in  other  projects  when  ap¬ 
propriate.  Whatever  is  left  over  goes 
back  into  the  three-year  plan.  Then 
you  regularly  measure  the  old  equip¬ 
ment’s  reliability  and  wait. 

You  do  have  a  plan,  don’t  you? 

©  47062 
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Open-Source  Is 
Right  for  Web  Sites 

KUDOS  to  Weather.com  [“A  Sun¬ 
ny  Forecast  for  Open-Source,” 
QuickLink  46065],  Instead  of  out¬ 
sourcing  jobs  to  other  countries,  we 
should  be  “outsourcing”  expensive 
technology  in  favor  of  lower-cost 
solutions.  The  use  of  Linux  with 
Apache  Tomcat  is  a  powerful  and 
economical  solution.  I  am  some¬ 
times  bewildered  that  companies 
use  expensive  technology  for  their 
Web  sites  when  open-source  op¬ 
tions  offer  reliable,  robust  and 
secure  software  at  a  lower  cost. 
Brad  Simonin 
Network  Web  engineer, 

Las  Cruces,  NM. 

Clarifying  GNOME 

■  HAVE  followed  the  development 
of  the  Linux  desktop  for  close  to 
10  years,  having  fled  from  the  atroci¬ 
ty  that  was  Windows  95. 1  was 
struck  by  what  appeared  to  be  an  in¬ 
accurate  statement  in  Nicholas  Pe- 
treley’s  (deservedly)  critical  piece 
on  GNOME  [“Living  Down  to  a  Low 
Standard,"  QuickLink  46629]: 
“GNOME  grew  out  of  the  desire  to 
free  people  from  Microsoft’s  ability 
to  dictate  what  users  can  or  can't  do.” 

That  is  true  only  in  the  broadest 
sense.  GNOME  was  a  reaction 
against  the  licensing  (and  program¬ 


ming  language  and  tool  kit  choice) 
adopted  by  the  KDE  programmers 
when  they  first  released  the  K  Desk¬ 
top  Environment.  While  recognizing 
some  value  in  a  more  “modern” 
desktop  manager,  many  program¬ 
mers  were  disgusted  that  the  Q 
Toolkit  wasn't  licensed  under  the 
GPL  and  that  it  was  written  in  C++. 

GNOME  was  born  to  offer  a 
GPL'd  alternative  to  the  “heretic” 
KDE  project.  The  GTK  (Gimp  Toolkit) 
was  drafted  for  development  be¬ 
cause  it  was  GPL’d  and  written  in  C 
(the  one  true  language,  according  to 
some).  Until  Troll  released  a  GPL 
version  of  the  Q  Toolkit,  the  GNOME 
project  was  favored  for  idealistic 
reasons  by  some  and  received  sup¬ 
port  from  Red  Hat  and  others.  Un¬ 
fortunately,  GNOME  never  lived  up 
to  the  noise  its  supporters  made  and 
was  always  playing  catch-up  to  KDE 
technically. 

I  use  Fluxbox  for  my  window 
manager.  Simplicity,  coupled  with 
low  overhead  and  a  few  real  innova¬ 
tions,  matters  more  to  me  than  all 
the  glitz  of  either  KDE  or  GNOME. 
Chuck  Morrison 
Platteville,  Colo. 

PETRELEY’S  rant  against 
GNOME  belongs  in  an  obscure 
blog,  not  in  a  major  publication.  He 
doesn’t  grasp  the  freedom  of  choice 
provided  by  GNOME  and  KDE.  I  pre¬ 
fer  GNOME,  but  many  Windows 


users  who  don’t  have  time  to  learn 
new  technologies  prefer  KDE. 

To  be  honest,  I  usually  use  xfce4. 
Like  GNOME,  it  uses  the  more  ad¬ 
vanced  GTK  libraries,  but  xfce4  is 
faster  than  GNOME.  However,  I  am 
glad  to  have  the  choice,  and  I  re¬ 
spect  others  who  make  a  different 
choice.  I  don’t  want  to  get  into  the 
perpetual  flame  war  between  users 
of  C  and  users  of  C++.  However,  it 
should  be  noted  that  the  bug-infest¬ 
ed  software  from  Microsoft  uses 
C++.  Also,  GTK  is  simpler  to  learn 
and  to  use  than  Qt.  Furthermore, 
Petreley  should  consider  that  the 
Gimp  is  built  with  the  GTK  libraries 
for  which  he  has  such  contempt. 
Frederick  R.  Hanhisaio 
CTO,  Hiraeth  Celtic  Goods, 
Duxbury,  Mass. 

Preventing  Worms 


i 


BELIEVE  Frank  Hayes  has  been 
listening  to  Chicken  Little  too 
much  [“Sinister  Sasser,"  QuickLink 
46707],  My  home  LAN  is  protected 
with  a  hardware  firewall  (even  dial¬ 
up  users  can  benefit  from  a  hard¬ 
ware  firewall),  and  I  regularly  review 
its  logs  for  evidence  I  can  forward  to 
my  provider  in  case  it  wants  to  block 
the  attacks  at  its  borders. 

Each  PC  also  has  a  software  fire¬ 
wall  that  challenges  every  new  out¬ 
bound  connection  attempt,  as  well 
as  regularly  updated  antivirus  and 


malware/spyware  packages,  each 
owned  by  the  administrator.  Every 
Windows  PC  has  been  hardened  by 
disabling  some  of  the  easiest-to- 
disable  exploits,  installing  alterna¬ 
tive  browsers  and  e-mail  clients, 
making  them  the  default  clients  and 
making  every  user  account  a  non¬ 
administrator.  And  on  those  PCs 
that  might  visit  unscrupulous  Web 
sites,  a  hardened  version  of  Linux  is 
installed.  The  Linux  system  is  simi¬ 
larly  protected,  accessed  only  by 
nonroot  users,  and  the  root  account 
is  locked  down  tight. 

A  little  preventive  work  and  safe 
surfing  practices  can  make  even  the 
meanest  worm  nothing  more  than  a 
five-liner  on  the  back  page. 

Larry  Williams 
Information  security 
administrator,  Fiserv  EFT, 
Portland,  Ore. 
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AGENDA  FOR  SUCCESS:  NYC,  June  7  &  D.C.,  June  17 

See  how  far  EMC  storage  and  information  management  solutions  can  take  you. 


Attendance  is  FREE, 
but  seats  are  limited. 
Register  now. 


At  an  EMC  Forum  you’ll  be  on  the  fast  track  to  discovering  how  information  lifecycle  man¬ 
agement  helps  you  maximize  the  value  of  information,  at  the  lowest  total  cost  of  ownership, 
at  every  point  in  the  information  lifecycle. 


Monday,  June  7,  2004 
The  Grand  Hyatt  New  York 
Park  Avenue  at  Grand  Central  Station 
New  York,  NY  10017 

Thursday,  June  17,  2004 
Sheraton  Premiere  at  Tysons  Corner 
8661  Leesburg  Pike 
Vienna,  VA  22182 


In-depth  presentations,  EMC  and  industry  experts,  best-practice  reviews,  and  breakout  and  Q&A 
sessions  give  you  insights  on  how  to: 

•  Simplify  Exchange  &  Oracle  migrations  •  Gain  measurable  TCO  savings 

•  Align  data  value  to  business  needs  •  Meet  compliance  regulations 

•  Simplify  storage  management  •  And  much  more 

See  up-to-date  seminar  details,  agendas,  and  more  on  our  registration  site. 

Register  now  at  www.EMC.com/forumseries. 
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SECURITY  MANAGER’S  JOURNAL 

Worm  Lays  Waste  to  IT’s  Defenses 

Unpatched  servers  in  the  engineering  labs 
and  inadequate  controls  over  inbound  VPN 
connections  lead  to  a  Sasser  disaster  at 
Mathias  Thurman’s  company.  Page  31 


QUICKSTUDY 

RSS 

This  XML-based  format  allows  third 
parties  to  republish  Web  site  content  and 
provides  a  mechanism  for  keeping  the 
syndicated  content  up  to  date.  Page  30 


Information  Highway  Patrol 

Concerns  over  productivity  and 
liability  are  driving  companies  to 
adopt  tools  that  monitor  employ¬ 
ee  use  of  e-mail  and  the  Internet. 

Page  28 


Sabre  CTO  says 

the  company’s  approach  to  its  IT 
upgrade  is  like  a  slow  but  steady 
drive  through  a  snowstorm. 
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Sable 


The  air-travel  software  company 
has  reinvented  its  25-year-old 
mainframe  applications  with  mod¬ 
ern  languages  and  commodity 
hardware.  By  Gary  H.  Anthes 


/-n  FLIES  TO  o  a  - 

Open  Syste 


Sabre 


Holdings  Corp.,  the 
air-travel  software  company,  has 
an  ambitious  set  of  objectives  for  the 
remake  of  its  “shopping  engine,”  a 
25-year-old  mainframe  application 
with  10  million  lines  of  assembler 
code  that  processes  more  transactions 
per  second  than  the  New  York  Stock 
Exchange. 

In  order  to  rein  in  escalating  proc¬ 
essing  costs  and  offer  customers  more 
options,  Sabre  is  completely  overhaul¬ 
ing  the  software  used  by  airlines,  travel 
agents  and  passengers  to  find  and  book 
flights.  In  stages,  Sabre  is  replacing  its 
old  mainframe  assembler  code  with 
modern  languages  running  on  cheap 
commodity  computers  and  open  sys¬ 
tems,  including  Linux. 

Sabre’s  Global  Distribution  System, 
which  used  to  be  called  the  Customer 
Reservation  System,  has  roots  all  the 
way  back  to  1960.  It  consists  of  three 
air-travel  subsystems,  one  each  for 
shopping  (which  includes  pricing), 
booking  and  fulfillment  (day-of-travel 
operations).  The  Air  Travel  Shopping 
Engine,  which  accounts  for  more  than 
50%  of  Sabre’s  total  data  processing 
load,  handles  the  shopping  and  pricing. 
If  you’re  on  Travelocity.com  (a  Sabre 
company)  surfing  for  the  best  sched¬ 
ules  and  fares  between  New  York  and 
Washington,  you’re  using  ATSE. 

Sabre  likens  its  big  system  project  to 
Continued  on  page  24 


Profiles  in  Business 


Every  business  is  a  team  of  individuals.  And  if  you  can  maximize  teamwork,  you’ll 


maximize  productivity— which  is  where  Nokia  comes  in.  Everything  we  make,  from 
advanced  messaging  devices  to  secure  mobile  connectivity  offerings,  is  engineered  to 


give  your  team 
immediate: 


the  power  to  work  faster  and  smarter.  The  payoff  can  be 


Torturous  Trevor  the  Technoholic 


Mr.  "I  Hove  Security  Issues"  R  0  Ida  The  chjef 

Financial  Officer 


Working-from-Home  WoltB 


The  Nokia  6820  Messenger 


Mobility:  Teamwork 

How  to  be  more  competitive,  more  productive,  and,  uh,  more  in  sync. 


improved  coordination,  faster  growth.  And  because  Nokia  g-«gge—Ba«-i 

Nokia  security  appliance 

supports  a  variety  of  access  methods  and  devices,  your  people  can  work  on  their 


own  terms  while  taking  care  of  business  demands.  Learn  more  today.  And  give  your 


team— and  your  business— the  advantage  of  more  mobility.  Anytime,  anywhere, 


The  "Never  in  the  Office"  Girl 


and  on  virtually  any  device. 
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Nokia  One  Business  Server 


Options  Qpenfcfc  Back 


Learn  how  to  mobilize  your  team  and  increase  business 
productivity.  Download  “The  Anytime,  Anyplace 
World”  white  paper  at  »nokiaforbusiness.com 


Metro  Mel  rime  /ore  jjm 


NOKIA 

Connecting  People 
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SabreATSE 

Services 

Architecture 

Air  travelers  and  travel  agents 
generate  12  million  shopping  and 
pricing  requests  per  day.  The  shop¬ 
ping  -  browsing  among  routes  and 
schedules  -  takes  place  on  45  four- 
CPU  HP  Linux  servers.  Once  a  flight 
has  been  selected,  its  actual  avail¬ 
ability  and  price  are  determined 
on  one  of  17  fault-tolerant  16-CPU 
HP  NonStop  servers,  which  hold 
some  79  million  fares  and  6  million 
schedules. 


Web  sites 
I/Os 
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Rules 
engine  and 
controller 


Seat 
availability 
requests 


GoldenGate  for  image 
toad  and  updates  to 
MySQL  database  replicas 


SHOPPING 
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HP  Linux  server  farm  (Itanium  and  Opteron) 
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Continued  from  page  21 
driving  through  a  snowstorm.  “Some 
people  want  to  go  70  mph  and  don’t 
worry  about  the  ditch,”  says  Craig 
Murphy,  chief  technology  officer  at 
Sabre  in  Southlake,  Texas.  “Then  there 
are  those  who  go  2  mph,  drive  on  the 
shoulder  and  white-knuckle  the  steer¬ 
ing  wheel.  But  what  we  want  to  do  is 
go  25  mph  through  the  snow  inex¬ 
orably  toward  our  destination,  which  is 
more  capability,  open  systems,  a  ser¬ 
vices  architecture,  distributed  compo¬ 
nents  and  far  lower  cost.” 

Forces  for  Change 

Three  forces  hugely  increased  the 
processing  demands  on  Sabre  systems 
over  the  years.  After  airfares  were 
deregulated  in  1979,  travel  agents  be¬ 
gan  shopping  for  both  price  and  sched¬ 
ules,  not  just  schedules.  Then,  in  the 
late  1980s,  travel  agents  began  using 


PC-based  automated  search  tools  that 
continuously  scanned  Sabre  databases 
for  the  lowest  fares.  Finally,  in  the  mid- 
1990s,  consumers  on  the  Internet 
joined  travel  professionals  in  shopping 
for  flights.  Sabre’s  processing  econom¬ 
ics  took  an  ugly  turn  as  the  “look-to- 
book”  ratio  soared.  Looking  for  the  best 
schedules  and  fares  generates  data- 
processing  costs  but  no  revenue;  it 
isn’t  until  someone  books  a  flight  that 
anyone  makes  money. 

Airlines  added  to  the  pressure  by 
asking  for  myriad  new  options  and  fea¬ 
tures,  many  of  which  could  be  added  to 
the  old  assembler  code  only  with  the 
greatest  of  difficulty,  if  at  all.  Adding  a 
new  rule,  such  as  a  discount  for  a  Sat¬ 
urday  night  stay,  could  cost  $1  million, 
Murphy  says.  Armed  with  a  $200  mil¬ 
lion  research  and  development  budget, 
the  $2  billion  company  relentlessly 
tuned  its  systems,  but  processing  costs 


continued  to  climb.  Sabre’s  IBM  Trans¬ 
action  Processing  Facility  (TPF)  main¬ 
frame  environment  in  Tulsa,  Okla., 
went  from  1,000  MIPS  in  1995  to  more 
than  10,000  MIPS  in  2001. 

To  the  Rescue 

But,  Murphy  says,  while  the  look-to- 
book  ratio  skyrocketed  and  pricing  and 
scheduling  options  proliferated,  three 
technological  forces  came  to  the  res¬ 
cue:  Moore’s  Law,  open  systems  and 
ubiquitous  standards.  Moore’s  Law  — 
which  states  that  the  amount  of  com¬ 
puting  power  available  per  dollar  dou¬ 
bles  every  18-24  months  —  enabled 
Sabre  to  assemble  a  scalable  farm  of 
powerful  servers  built  around  cheap 
commodity  processors  and  huge  mem¬ 
ories.  Open  systems  enabled  Sabre  to 
move  from  the  proprietary  and  expen¬ 
sive  TPF  environment  first  to  Unix 
and  now  to  Linux.  And  standards  such 


as  Common  Object  Request  Broker  Ar¬ 
chitecture,  the  Lightweight  Directory 
Access  Protocol  and  Java  enabled 
Sabre  to  move  the  shopping  engine  to 
a  distributed  and  extremely  flexible 
services  architecture. 

Sabre  is  now  well  past  the  midpoint 
of  its  four-year  migration  project.  Sim¬ 
ple  North  American  flights  are  on 
ATSE,  but  complex  trip  types  and 
international  flights  aren’t  yet.  Sabre 
will  move  the  booking  and  fulfillment 
functions  to  a  similar  architecture  in 
the  future. 

Murphy  says  the  cost  of  the  project 
will  exceed  $100  million,  but  he  won’t 
be  more  specific.  Results  so  far  have 
been  encouraging.  “We  sold  the  proj¬ 
ect  on  the  basis  of  reducing  total  cost 
of  ownership  by  40%, ”  he  says,  “I  actu¬ 
ally  think  we’ll  surpass  that.  Running  a 
query  —  Dallas  to  Chicago,  say  —  on 
the  new  system  is  about  80%  cheaper.” 

And,  he  says,  developers  are  getting 
100%  productivity  gains  because  they 
are  working  in  higher-level  languages 
—  Java  and  C++  —  and  because  the  ap¬ 
plication  architecture  is  so  much  easi¬ 
er  to  debug,  change  and  enhance  than 
the  old  mainframe  assembler  code. 

Finally,  airlines  are  getting  the  ability 
to  put  in  new  options  and  features 
quickly  and  cheaply.  Last  year,  Sabre 
announced  SabreSonic,  a  suite  of  ser¬ 
vices  that  enable  airlines  to  tap  into 
Sabre  systems  and  databases  in  order 
to  offer  passengers  new  services,  such 
as  streamlined  airport  check-in, 

“Changes  are  much  easier  to  do,  and 
much  less  expensive,”  says  Gianni 
Marostica,  president  of  Sabre  Airline 
Solutions.  “This  allows  us  to  imple¬ 
ment  things  airlines  think  of  on  the  fly.” 

Sabre’s  new  ATSE  architecture  is 
based  on  the  processing  characteristics 
and  reliability  requirements  of  its  major 
functions,  with  three  modules  connect¬ 
ed  by  a  LAN.  A  front-end  rules  engine 


ITS  HARO  TO  BELIEVE  that  a  system  that  now 
routinely  processes  15,000  transactions  per 
second  and  keeps  track  of  79  million  airfares 
consisted  in  the  1950s  of  a  roomful  of  Teletype 
machines,  telephones,  card  files  and  clerks. 

In  a  chance  meeting  in  1953,  American  Air¬ 
lines  Inc.  President  C.R.  Smith  and  IBM  sales¬ 
man  R.  Blair  Smith  came  up  with  a  better  idea: 
what  would  become  the  first  real-time  business 
application  of  IT. 

Sabre,  as  the  computerized  reservation  sys¬ 
tem  came  to  be  known,  was  completely  over¬ 
hauled  after  airline  deregulation  in  1979  greatly 
expanded  travelers'  choices.  During  the  1980s, 


Sabre  became  IT’s  poster  child  for  “competitive 
advantage."  People  inevitably  pointed  to  Sabre 
if  they  wished  to  prove  that  IT  made  companies 
not  only  more  efficient  but  also  more  competi¬ 
tive.  Indeed,  in  1984,  American's  competitors 
sued  the  airline,  saying  the  reservation  system 
gave  American’s  flights  an  unfair  priority  on  the 
displays  seen  by  travel  agents. 

Now  the  venerable  system  is  getting  yet  an¬ 
other  remake,  this  time  to  an  architecture  that 
would  have  been  dismissed  as  impossible  just 
10  years  ago  -  commodity  systems  using  mi¬ 
croprocessors  and  the  open-source  Linux  op¬ 
erating  system. 


1957 


IBM  and  American  Airlines  team  up 
to  form  SABRE,  the  Semi-Automatic 
Business  Research  Environment.  It’s 
based  on  SAGE,  the  Semi-Automatic 
Ground  Environment  -  the  first  major 
system  to  use  interactive,  real-time 
computing  -  which  IBM  helped  develop 
for  the  military. 


1960 


installed  in  Briarcliff  Manor,  N.Y.,  on 
two  IBM  7090  computers.  It  processes 
84,000  telephone  calls  per  day. 


The  Sabre  system,  and  its  nationwide 
network,  is  completed  at  a  cost  of 
S40  million  and  becomes  the  largest 
commercial  real-time  data-processing 
system  in  the  world.  It  saves  American 
Airlines  30%  on  labor  costs. 


The  first  Sabre  reservation  system  is 
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on  16  two-way  Hewlett-Packard  Co. 
Linux  servers  acts  as  a  master  con¬ 
troller  for  the  system,  coordinating 
services  and  I/O  across  the  LAN. 

The  master  database,  or  “database 
of  record,”  sits  on  17  fault-tolerant  16- 
CPU  HP  NonStop  S86000  servers. 
That’s  where  pricing  occurs.  Each  of 
the  272  processors  has  4GB  of  memory 
and  runs  the  NonStop  Kernel  operat¬ 
ing  system  under  the  Unix-like  Open 
Systems  Services  layer.  Data  from  the 
NonStop  boxes  is  replicated  continu¬ 
ously  by  GoldenGate  Software  Inc.’s 
data  synchronization  software  to 


SABRE  BY  THE 

NUMBERS 

> 

■  2003  sales:  S2.05  billion 

mSm 

<c 

■  Market  share,  worldwide 

21 

travel  reservations:  35% 

o 

■  Value  of  travel-related  prod- 

o 

ucts  soid  through  reservation 

UJ 

system:  S80  billion 

H* 

■  Airlines  hosted:  90 

■  Travel  agency  locations 

served  by  Sabre  Travel 

Network:  56,000 

■  Fare  changes  processed: 

1.2  million  per  day 

■  Reservation  messages 

processed  (peak): 

UJ 

15,000  per  second 

H* 

■  Shopping,  pricing  and 

w 

UJ 

availability  transactions: 

48  million  per  day 

X 

■  Shopping  choices:  79  million 

r" 

fares  and  6  million  schedules 

■  Database  size:  70GB 

(100GB  with  international) 

MySQL  AB  databases  on  a 
server  farm  containing  45 
four-way  HP  rx5670 
servers  running  Linux. 

The  Linux  servers, 
where  shopping  occurs, 
have  32GB  of  memory 
each  and  run  64-bit  Intel 
Itanium  processors.  The 
farm  may  eventually 
scale  out  to  more  than 
100  servers,  Murphy  says. 

The  idea  is  that  pricing 
—  which  is  necessary  for 
booking  —  must  have 
ultrahigh,  if  relatively  ex¬ 
pensive,  reliability.  Shop¬ 
ping,  which  often  doesn’t 
lead  to  a  booking  and 
which  is  more  demand¬ 
ing  on  CPUs  and  memory,  can  be 
offloaded  to  powerful  but  relatively 
inexpensive  servers.  Murphy  cites 
Sabre’s  exploitation  of  commodity  Lin¬ 
ux  servers  in  a  “horizontal  farm”  as 
perhaps  the  most  noteworthy  innova¬ 
tion  in  the  ATSE. 

At  the  beginning  of  the  project, 
Sabre  planned  to  put  everything  on 
NonStop,  but  shopping  was  soon  mi¬ 
grated  to  Unix  and  finally  to  Linux 
as  Sabre  gained  confidence  in  the  ar¬ 
chitecture.  Now,  Sabre  is  further  refin¬ 
ing  the  server  farm  by  moving  to  a 
“flower”  arrangement  in  which  the 
MySQL  database  replicas  are  on  64-bit 
Itanium  boxes  at  the  center  of  each 
flower,  surrounded  by  “petals”  consist¬ 
ing  of  cheaper,  64-bit  Advanced  Micro 
Devices  Inc.  Opteron  machines.  Each 
Itanium  box  is  then  a  database  server 
to  its  attached  Opteron  application 
servers,  which  can  be  configured 
more  economically  because  they  don’t 
require  the  memory  and  resources 
needed  for  the  database. 

“The  idea  is,  you  can’t  make  the 
application  cheap  enough  or  fast 


enough,”  explains  Scott 
Healy,  vice  president  for 
enterprise  systems  at 
Sabre.  “Customers  don’t 
like  waiting,  and  expand¬ 
ing  into  the  Internet  just 
means  we  get  more  and 
more  volume  we  don’t 
get  paid  for.”  He  says  it 
remains  an  open  ques¬ 
tion  as  to  just  what  func¬ 
tions  are  best  left  on  the 
ultrareliable  NonStop 
machines  and  which 
might  safely  be  moved  to 
the  cheaper  server  farm. 

Healy  says  he’s  proud 
of  his  developers’  ability 
to  move  the  shopping 
and  pricing  algorithms 
to  the  new  system  without  losing  per¬ 
formance.  “Think  of  what  the  legacy 
environment  has  —  fast  processors, 
flat  files,  assembler  language.  What  do 
you  have  going  on  your  side?  You’ve 
got  lots  of  memory,  and  we  can  man¬ 
age  it,”  he  says.  Queries  run  a  bit  faster 
now,  even  though  processing  is  more 
complicated  because  of  the  many  new 
options,  fare  types  and  the  like,  he  adds. 

“We  have  to  be  in  an  environment 
where  our  cost,  two  years  from  now,  is 
half  what  it  is  today  on  a  per-unit  ba¬ 
sis,”  Healy  says.  “The  air-shopping 
problem  will  be  more  complex,  there 
will  be  more  Internet  users  and  there 
will  be  more  [users]  internationally. 
The  only  way  we  can  meet  that  de¬ 
mand  is  by  riding  Moore’s  Law.” 

And,  Murphy  notes,  by  continuing 
at  25  mph  through  the  snowstorm. 
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CULTURE  CLASH 

Sabre  has  to  find  common  ground  between  its  veteran 
programmers  and  younger  coders: 

QuickLink  46923 
www.computerworld.com 


SHOPPING  LIST 

Sabre  Holdings  IT  managers  Craig  Murphy 
and  Scott  Healy  have  this  to  say  about  the 
company’s  key  technology  choices: 

■  NonStop  technology  from  Hewlett- 
Packard:  “We  picked  it  for  its  reliabili¬ 
ty  and  stability  and  because  it  has  an 
open  system  interface.  HP  is  commit¬ 
ted  to  it.  It  will  be  the  centerpiece  [of 
ATSE]  for  the  foreseeable  future.” 

-  Murphy 


■  Linux  from  Red  Hat  Inc.:  “It  is  more 
reliable  than  Unix  in  relatively  homo¬ 
geneous  environments.  It’s  perfect 
for  horizontal  scale  without  a  lot  of 
complexity.  We’ve  come  to  believe 
that  Linux  is  here  to  stay,  and  open- 
source  is  an  important  component  in 
the  commoditization  of  the  comput¬ 
ing  stack.”  -  Murphy 


■  MySQL  database  from  MySQL  AB: 
“We  evaluated  several  database 
managers,  and  MySQL  was  really  the 
winner  from  a  performance  stand¬ 
point,  and  it  was  certainly  the  lowest 
cost.”  -  Healy 


■  64-bit  Opteron  processors  from 
Advanced  Micro  Devices:  “Cheap, 
powerful  and  x86-compatible.  AMD 
is  very  clever.”  -  Murphy 


■  Data  Synchronization  from  Golden- 
Gate  Software  in  San  Francisco:  “They 
have  expertise  in  NonStop  and  a  will¬ 
ingness  to  work  with  us  and  innovate 
solutions.”  -  Healy 


■  The  overall  architecture:  “The  big 
innovation  is  in  the  horizontal  scaling 
and  data  replication  to  the  server 
farm,  and  in  how  we  are  able  to 
match  the  environment  to  specific 
types  of  workload.  It’s  cheap,  and  it’s 
reliable.”  -  Healy 


SYSTEM  OVERHAUL 
OBJECTIVES 


■  Reduce  total  cost  of 
ownership  40% 

■  Increasi  developer 
productivity  100% 

■  Reduce  time  to 
change  fare  rules 
by  75% 

■  Improve  access  to 
trained  workforce  by 
moving  to  common 
industry  standards 

■  Become  more 
responsive  to  airlines’ 
changing  needs 


1972 


The  Sabre  system  is  upgraded  to  IBM 
S/360  and  moved  to  a  new  consolidat¬ 
ed  computer  center  in  Tulsa,  Okla.  It  is 
used  for  all  of  American  Airlines’  data 
processing  facilities. 


1976 


The  Sabre  system  is  installed  in  a  travel 
agency  for  the  first  time,  triggering  a 
wave  of  travel  automation.  By  the  end  of 
the  year,  130  locations  have  the  system. 


1984 


Sabre  introduces  BargainFinder,  the  in¬ 
dustry’s  first  automated  low-fare  search 
capability.  Competitors  sue  American 
Airlines,  saying  its  Sabre  system  unfair¬ 
ly  gives  its  flights  priority  on  the  dis¬ 
plays  seen  by  travel  agents.  American 
agrees  to  discontinue  any  preferential 
treatment  of  its  flights. 


1985 


Sabre  introduces  easySabre,  allowing 


consumers  with  PCs  to  tap  into  the 
Sabre  system  to  make  airline,  hotel  and 
car  rental  reservations. 


1989 


On  May  12,  the  ultrareliable  Sabre 
system  goes  down  for  12  hours. 

The  cause:  a  latent  bug  in  disk-drive 
software  that  destroys  file  addresses. 


1996 


Sabre  launches  Travelocity.com. 


'■irussfi s- . “ 


AMR  Corp.,  the  parent  of  American  Air¬ 
lines,  spins  off  The  Sabre  Group  as  an  1 

independent  company. 

. 

2001  i 


.V 

Sabre  Holdings  Corp.  begins  migrating 
its  massive,  25-year-old  mainframe  sys¬ 
tem  for  air-travel  shopping  and  pricing  to 
HP  NonStop  servers  and  Linux  servers. 
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Middleware  is  Everywhere 


MIDDLEWARE  IS  IBM  SOFTWARE.  Powerful  software 
like  Tivoli®  and  WebSphere®  And  it’s  at  the  heart  of  solving 
what  analysts  call  the  key  issue  of  2004:  automation. 
IBM  middleware  is  open  and  can  deliver  it  all  at  a  pace 
to  match  your  needs.  It  anticipates  problems,  responds 
to  change  and  optimizes  resources.  And  it  all  leads  to 
meeting  business  goals.That’s  ON  DEMAND  BUSINESS. 


1.  Increased  ATM  activity  detected  instantly. 

2.  Identities  confirmed  securely. 

3.  Online  banking  increases  dramatically. 

4.  IT  resources  optimized  dynamically. 

5.  Bank  serves  customers  easily. 


Learn  more  about  middleware  and  IBM’s  leadership  role  in  automation  at  ibm.com/rniddleware/automate 
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To  guard  vital  information  and 
maintain  productivity,  companies 
are  using  software  to  enforce 
policies  that  define  acceptable 
employee  use  of  the  Internet  and 
e-mail.  BY  LINDA  ROSENCRANCE 


IT’S  11  A.M.  —  do  you  know  what  your  employees 
are  doing? 

Well,  you  do  if  you’re  like  the  increasing  num¬ 
ber  of  employers  that  are  concerned  about  the 
security  of  their  computing  environments  as 
well  as  the  productivity  of  their  employees. 

In  fact,  nine  out  of  10  companies  check  up  on  their 
employees’  online  activities  while  they’re  at  work, 
according  to  a  recent  survey  of  nearly  200  businesses 
conducted  by  the  Center  for  Business  Ethics  at  Bent¬ 
ley  College  in  Waltham,  Mass.  That’s  becau  se  more 
and  more  liability  risks  and  security  threats  are  origi¬ 
nating  from  inside  organizations  rather  than  outside. 

Employees  who  surf  the  Internet,  check  personal 
Web  e-mail,  use  corporate  e-mail  for  personal  mes¬ 
sages,  send  instant  messages  to  friends  and  family 
and  engage  in  peer-to-peer  file  sharing  can  open 
up  a  company  to  myriad  vulnerabilities. 

These  nonbusiness  uses  can  result  in  the  loss  of 
employee  productivity,  legal  liability,  decreased  net¬ 
work  availability  and  security  problems,  according  to 
a  report  released  in  January  by  Meta  Group  Inc.  in 
Stamford,  Conn. 

In  order  to  protect  their  businesses,  employers  are 
turning  to  technology  to  monitor  their  employees’ 
Internet  use. 

Chicago-based  Tennis  Corporation  of  America 
uses  a  proxy  appliance  from  Blue  Coat  Systems  Inc. 
in  Sunnyvale,  Calif.,  to  stop  viruses  from  infecting 
the  network  via  backdoor  Web  channels  such  as  IM 
systems  and  Web  e-mail,  says  Chuck  Walker,  TCA’s 
senior  network  administrator. 

Blue  Coat’s  ProxySG  appliance  also  gives  TCA 
visibility  into  the  Web  traffic  traversing  its  network 
and  allows  the  company  to  block  IM  and  deny  users 
access  to  specific  sites,  he  says. 

A  Different  View  of  Access 

“What  we’ve  done  is  changed  the  way  we  view  em¬ 
ployee  access  to  the  Internet,”  Walker  says.  “Because 
we’re  a  fitness  center,  our  employees  can  go  to  sports 
sites,  but  we’ve  pretty  much  turned  off  everything 
else.  You  start  taking  a  look  at  what  some  of  the  costs 
are  for  people  being  out  browsing  on  the  Internet.  It’s 
costing  the  company  money,  lost  productivity,  lost 
systems.  There’s  a  lot  of  things  that  are  tied  to  it.” 

In  addition,  employees  who  were  using  the  Inter¬ 
net  indiscriminately  ran  the  risk  of  unknowingly  in¬ 
stalling  spyware  or  adware  on  their  machines  and,  in 
the  process,  decreasing  corporate  bandwidth,  Walker 
says.  (To  read  more  about  spyware,  see  “Spyware 
Sneaks  Into  the  Office”  at  QuickLink  45702.) 

The  Blue  Coat  Proxy  appliance  sits  at  the  network 
gateway,  behind  the  firewall,  and  acts  as  an  interme- 
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diary  between  client  and  Web  server 
communications,  bringing  total  visi¬ 
bility  to  Web-based  user  activities 
and  allowing  enforcement  of  an  en¬ 
terprise’s  network  policies,  says 
Steve  Mullaney,  Blue  Coat’s  vice 
president  of  marketing. 

“We’ve  seen  productivity  increase 
because  you  don’t  have  personal 
trainers  sitting  down  at  their  com¬ 
puters  now  and  browsing  the  Inter¬ 
net  —  now  they’re  forced  to  go  out 
and  deal  with  the  members  on  the 
floor,”  Walker  says. 

The  Kansas  City  Chiefs  football 
team  turned  to  Vericept  Corp.’s  Net¬ 
work  Abuse  Management  Corporate 
Solution  when  the  franchise  was 
looking  for  a  tool  to  help  it  deal  with  Internet  activity 
that  fell  outside  of  its  acceptable-use  policy. 

“The  concerns  were  about  potential  problems  aris¬ 
ing  from  the  inappropriate  use  of  e-mail  or  the  Inter¬ 
net.  We  viewed  this  as  protecting  the  brand,”  says 
Richard  McOsker,  the  Chiefs’  information  systems 
director,  who  declined  to  go  into  further  detail.  “We 
were  looking  for  a  tool  that  would  perform  the  moni¬ 
toring  and  reporting  without  day-to-day  human  in¬ 
tervention.” 

Monitoring  Missteps 

The  Chiefs’  software,  based  on  Vericept’s  VIEW 
(Vericept  Intelligent  Early  Warning)  technology,  is 
installed  on  Linux-based  servers  and  plugged  direct¬ 
ly  into  a  computer  network. 

Using  sophisticated  linguistic  and  mathematical 
analysis,  the  product  passively  monitors  all  TCP/IP 
traffic  —  Internet,  intranet,  e-mail,  chat,  IM,  P2P, 

FTP,  Telnet  and  even  bulletin  board  postings  —  that 
falls  outside  of  a  company’s  appropriate-use  and 
security  policies. 

If  someone  does  step  outside  the  boundaries,  the 
abuse  is  logged,  copied  and  reported,  says  Brett 
Schklar,  senior  director  of  product  management  at 
Englewood,  Colo. -based  Vericept. 

“We  saw  a  marked  and  immediate  decrease  or 
elimination  of  the  inappropriate  use  after  [the  prod¬ 
uct]  had  been  installed  one  week,”  says  McOsker. 

In  order  to  document  and  archive  everything  its 
employees  were  doing  on  their  PCs  and  the  Internet, 
Summit  Center,  a  medical  facility  in  Flagstaff,  Ariz., 
installed  Spector  CNE  (Corporate  Network  Edition), 
from  SpectorSoft  Corp.  in  Vero  Beach,  Fla. 

“Internally,  we  had  no  ability  to  monitor  or  track 
items  coming  through  our  firewall  back  to  the  end 
user,”  says  Daniel  Anderson,  Summit’s  chief  adminis¬ 
trative  officer.  “SpectorSoft  was  the  one  package  that 
enabled  us  to  grab  screenshots  on  an  interval  that  we 
chose,  as  well  as  catch  all  e-mail  activity,  instant  mes¬ 
saging,  chats  and  keystrokes.  It  showed  evidence  of 
time,  date  stamps  and  the  logged-on  user.” 

In  addition,  by  taking  screen  snapshots,  Spector 
CNE  creates  the  digital  equivalent  of  a  surveillance 
tape  so  an  employer  can  see  the  exact  sequence  of 
everything  its  employees  do  on  the  computer,  says 
Doug  Fowler,  SpectorSoft’s  president. 

“We  store  the  files  on  a  Dell  PowerVault  data 
storage  unit,  so  the  files  are  always  available  for  me 


to  view,”  Anderson  says. 

Anderson  recently  discovered  that 
someone  was  accessing  an  illicit  Web 
site  at  night  from  a  computer  in  the 
clinic  area.  This  was  particularly 
troubling  because  Summit  employ¬ 
ees  don’t  work  at  night,  he  says.  Ulti¬ 
mately,  Anderson  tracked  the  activity 
to  the  company’s  janitorial  staff. 

“I  ran  the  basic  screenshots  as  a 
video  clip,  and  I  was  able  to  save  that 
as  an  AVI  file  and  burn  it  to  CD,”  he 
says.  “Then  I  had  a  meeting  with  HR 
people,  who  need  to  be  involved,  and 
[the  janitorial  staff],  put  in  the  CD, 
and  when  they  start  to  deny  it,  all  I 
have  to  do  is  hit  Play  and  it  speaks 
volumes.” 

Protecting  Productivity 

When  Choice  Medical  Supplies  in  Bellevue,  Wash., 
transitioned  from  terminal-based  user  technology  to 
PCs  for  its  employees,  management  was  concerned 
about  a  drop  in  productivity. 

So  the  company  installed  Websense  Enterprise, 
an  employee  monitoring  tool  from  San  Diego-based 
Websense  Inc. 

“We  had  one  particular  employee  who  was  abusing 
the  Internet,”  says  Scott  McCoskery,  technical  direc¬ 
tor  at  the  medical  supplies  company.  “After  we  in¬ 
stalled  Websense,  the  Internet  usage  plummeted 
overall,  basically  out  of  fear.” 

Websense  Enterprise,  built  on  an  Internet  filtering 
platform,  allows  employers  to  manage  employee  In¬ 
ternet  access,  block  peer-to-peer  file  sharing,  block 
IM  attachments,  manage  IM  use,  reduce  bandwidth 
by  managing  streaming  media,  protect  against  spy- 
ware  and  malicious  mobile  code  and  prevent  em¬ 
ployee  hacking,  says  Kian  Saneii,  vice  president  of 
marketing  and  business  development  at  Websense. 
The  product  filters  at  multiple  points  —  on  the  net¬ 


work,  at  the  gateway  and  on  the  desktop  —  to  pro¬ 
vide  protection  against  emerging  threats,  he  says. 

Websense  is  based  on  pass-through  filtering  tech¬ 
nology,  which  requires  all  requests  for  Web  pages  to 
pass  through  an  Internet  control  point  such  as  a  fire¬ 
wall,  proxy  server  or  caching  device.  Websense  En¬ 
terprise  is  integrated  with  these  control  points  and 
checks  each  request  to  immediately  determine 
whether  it  should  be  allowed  or  denied.  All  respons¬ 
es  are  logged  for  reporting  purposes,  but  outlawed 
sites  are  blocked  automatically. 

Websense  works  in  conjunction  with  a  master 
database  of  URLs  that  fall  into  one  of  90  categories 
and  over  6  million  Web  sites  representing  more  than 
1.5  billion  Web  pages  in  more  than  50  languages,  ac¬ 
cording  to  Saneii. 

Employers  can  configure  Websense  to  monitor  or 
block  sites  in  each  category.  Administrators  can  al¬ 
low  users  to  continue  surfmg  or  defer  access  to  sites 
in  a  particular  category  until  a  specific  time,  like  be¬ 
fore  or  after  work  or  during  lunch. 

“We  had  an  acceptable-use  policy  in  place,  but  it 
was  antiquated  because  we  were  a  mostly  terminal- 
based  company,”  says  McCoskery.  “At  the  same  time 
we  brought  Websense  on,  about  two  years  ago,  we 
updated  our  policy.” 

About  every  six  months,  employees  receive  an 
e-mail  notification,  which  they  are  required  to  sign, 
that  reminds  them  of  the  policy,  he  says. 

“The  effect  that  Websense  has  on  our  employees 
just  by  the  fact  that  it’s  there  does  far  more  than  the 
fact  that  it  actually  blocks  sites,”  McCoskery  says. 
“Having  the  guard  standing  at  the  door,  even  though 
he’s  not  saying  anything,  is  enough  to  keep  people 
from  doing  bad  stuff.”  ©  45790 


WHO  SELLS  THESE  PRODUCTS? 

For  a  list  of  companies  that  offer  products  that  employers  can  use  to 
monitor  employee  Internet  use,  visit  our  Web  site: 

QuickLink  47078 
www.computenvorld.com 


EMPLOYEE  RIGHTS  AND  RELATIONS 


THE  LAWS  GOVERNING  monitoring  of  employee 
e-mail  and  Internet  use  are  nebulous  at  best,  but  ex 
perts  agree  that  companies  should,  at  the  very  least, 
notify  workers  that  they  may  be  monitored. 

“It’s  only  fair  for  the  employer  to  notify  the  employee 
that  they  may  be,  or  are,  monitored,”  says  Beth  Givens, 
director  of  the  Privacy  Rights  Clearinghouse  in  San 
Diego.  “Notice  is  the  most  basic  of  rights  that  employ¬ 
ees  should  have  when  the  employer  is  using  any  kind 
of  monitoring.  But  legally,  they  don’t  have  to  [notify 
employees],  except  in  the  state  of  Connecticut." 

Lewis  Maltby,  president  of  the  National  Workrights 
Institute  in  Princeton,  N.J.,  says  that  because  employ¬ 
ee  monitoring  is  sometimes  a  “necessary  evil,”  em¬ 
ployers  shouldn’t  make  that  monitoring  more  intrusive 
than  it  needs  to  be. 

“When  it  comes  to  Web  site  monitoring,  employers 
don’t  have  to  spell  out  their  policies  to  employees,  al¬ 


though  it  would  be  nice  if  they  did,”  he  says.  “What 
they  should  do  is  program  their  Web  access  policy  into 
their  Web  access  software,  so  the  policy  can  be  en¬ 
forced.  If  they  would  manage  Internet  access  instead 
of  monitoring  it,  everything  would  be  fine." 

Whiie  she  says  she  understands  why  employers 
need  to  monitor  employees’  use  of  e-maii  and  the  In¬ 
ternet,  Paula  Brantner,  program  director  of  San  Fran¬ 
cisco-based  Workplace  Fairness,  says  the  roost  suc¬ 
cessful  way  to  deal  with  the  issue  is  to  articulate  a  yery 
clear  policy  upfront  and  enforce  it  evenhandediy. 

Lee  Tien,  staff  attorney  at  the  Electronic  Frontier 
Foundation  in  San  Francisco,  goes  a  step  further,  “ft’s 


mission  [to  monitor],”  he  says,  “its  dangerous  for  em¬ 
ployers  not  to  have  that  kind  of  protection." 

•  Linda  Rosencrnn: 
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companies  check  up 
on  their  employees’  online 
activities  while  they’re  at 
work,  according  to  a  recent 
survey  of  nearly  200  busi¬ 
nesses  conducted  by  the 
Center  for  Business  Ethics 
at  Bentley  College  in 
Waltham,  Mass. 
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RSS 


DEFINITION 
RSS  is  an  XML  format  for  syn¬ 
dicating  Web  content.  A  Web 
site  that  wants  to  allow  other 
sites  to  publish  some  of  its  con¬ 
tent  creates  an  RSS  document 
and  registers  the  document 
with  an  RSS  publisher.  A  user 
with  a  Web  browser  or  a  spe¬ 
cial  RSS  client  program  auto¬ 
matically  receives  notice  of 
and  links  to  new  content  on 
designated  sites  and  can  use  it 
on  a  different  site. 


ess  much.  You  still  have  to 
go  to  each  page,  load  it,  re¬ 
member  how  it’s  formatted 
and  find  where  you  were  the 
last  time.  There  has  to  be  a 
better  way. 

The  solution  is  an  interest¬ 
ing  notion  called  RSS,  which 
is  an  outgrowth  of  work  done 
at  Netscape  Communications 
Corp.,  culminating  in  1999’s 
My.Netscape.com.  (What  does 
RSS  stand  for?  That’s  a  simple 
question  with  several  different 
answers.  See  sidebar  below.) 
RSS  is  an  XML-based  format 
originally  designed  for  sharing 
headlines  and  other  Web  con¬ 
tent.  It  allows  computers  to 
automatically  fetch  and  under¬ 
stand  the  information  users 
want,  to  track  and  per¬ 
sonalize  lists  they’re 
interested  in. 

While  HTML  is  de¬ 
signed  to  present  in¬ 
formation  directly  to 
users,  RSS  is  an  auto¬ 
mation  mechanism  for  com¬ 
puters  to  communicate  with 
one  another.  RSS  feeds  can 
let  you  know  if  a  site  has  been 
updated  recently. 

RSS  forms  an  important  un¬ 
derlying  technology  for  many 
weblogs  and  portals  such  as 
My  Yahoo.  Commercial  sites 
noticed  how  RSS  turbocharged 
the  distribution  of  content, 
and  many  news  sites,  includ¬ 
ing  those  of  The  New  York 
Times,  the  BBC  and  CNN, 


have  created  RSS  feeds  to  in¬ 
crease  the  visibility  of  their 
content.  RSS  solves  many  of 
the  problems  webmasters 
face,  such  as  increasing  site 
traffic  and  the  difficulty  of 
gathering  and  distributing 
news.  RSS  can  also  serve  as 
the  basis  for  distributing  other 
types  of  content. 

How  RSS  Works 

RSS  starts  with  an  original 
Web  site  that  has  content 
available.  The  Web  site  creates 
an  RSS  feed,  sometimes  called 
a  channel,  that’s  available  just 
like  any  other  resource  or  file 
on  the  Web  server.  The  site 
registers  this  feed  in  the  form 
of  an  RSS  document,  with  a 
directory  of  RSS 
publishers. 

Once  an  RSS  feed  is 
available  on  the  Web, 
any  computer  can  reg¬ 
ularly  fetch  it.  The 
most  common  type 
of  program  to  do  this  is  called 
an  aggregator,  or  news  reader. 
Such  programs  enable  users  to 
collect  information  from  many 
different  sources  of  their  own 
selection  with  a  single,  auto¬ 
mated  application  that  checks 
RSS  feeds  regularly  and  high¬ 
lights  new  material.  O  46266 


Kay  is  a  Computerworld  con¬ 
tributing  writer  in  Worcester, 
Mass.  Contact  him  at  russkay@ 
charter.net. 


“RSS”  is  an  umbrella  term  that 

includes  at  least  seven  versions  of 
at  least  two  different  but  parallel 
formats,  all  separated  by  political 
problems.  The  original  RSS  (RDF 
Site  Summary),  Version  0.90,  was 
designed  by  Netscape  using  the 
Internet  Engineering  Task  Force’s 
(IETF)  Resource  Description  For¬ 
mat  specification  as  a  format  for 
building  portals  of  headlines  f 
news  sites. 

Netscape  soon  decided  that  this 
was  too  complex  and  proposed < 
simpler  version,  dubbed  RSS  0.! 
(the  initials  now  standing  fo 
Site  Summary).  Shortly  the 
Netscape  lost  interest  in  | 


making  and  dropped  the  project. 

An  independent  developer  of 
weblogging  products,  UserLand 
Software,  adopted  0.91  as  the  basis 
for  its  products,  and  RSS  (now  < 
acronym  for  Really  Simple  Syndic 
tion)  became  quite  popular  in 
beyond  the  blogging  commu 
In  2000,  a  new  group  \ 
to  expand  the  RSS  format  t 
elude  more  data,  going  I 
original  principles  and  I 
RSS  0.90,  using ! 
aces  and  focusing  onr 
and  extensibility.  This  RT 
shed  a  { 


UserLand’s  founder,  David  Winer, 
wasn’t  involved  in  designing  this 
new  format  and  disagreed  stron 
nth  the  direction  it  chose;  he  fa¬ 
in  further  simplific 
suggested  that  the  RSS-DE 
pick  a  different  name  for  i 
resolve  the  conflict,  butt 
chose  to  stick  with  RSS  1.C 
UserLand  continued  1 
the  original  branch  thn 
i.92, 0.93  and  0.94. 1 
proposed  RSS  2.0. 
iroup  then  prop 
lecification. 

1.0  isn’t  a  later  \ 

0.94,  no 


I  are  descendants  of 
t’s  original  Version  0.90. 
l  confusin 

ttogetbe- 
>-  as  well  as  to 
sible  standard  that 
dor-neutral,  clearly 
cified,  and  bet- 
ging  and  archiving 
jwas 

land 
tom 


BY  RUSSELL  KAY 

For  several  years,  my 
morning  information 
drill  has  gone  some¬ 
thing  like  this:  turn 
on  the  monitor,  then 
quickly  check  my  e-mail  to  see 
if  there’s  anything  that  needs 
immediate  attention.  That  out 
of  the  way,  it’s  time  to  fire  up 
the  Web  browser  and  check 
those  URLs  that  I  go  to  every 
day.  Some  are  news  sites,  some 
are  technical,  others  are  dis¬ 
cussion  forums  related  to  cur¬ 
rent  projects,  and  some  reflect 
my  interests. 

If  I’m  busy  and  don’t  get  to 
visit  every  site  —  or  perhaps 
none  at  all  for  several  days  — 
then  I’m  likely  to  get  so  far  be¬ 
hind  that  I  can’t  usefully  catch 
up  and  have  to  reconcile  my¬ 
self  to  perhaps  having  missed 
something  important. 

This  is  a  routine  familiar  to 
many  knowledge  workers.  If 
you’re  lucky,  you  may  have 
only  a  half-dozen  such  sites  to 
check  each  morning.  Or  you 
might  have  to  look  at  40  or  50, 


To  find  a  complete  archive  of  our 
QuickStudies,  go  online  to 

Ocomputerworld.com/quickstudies 


depending  on  the  work  you’re 
doing.  It’s  a  time-consuming, 
if  important,  chore,  and  even 
bookmarks,  favorites  or  tabbed 
browsers  (such  as  Mozilla  Fire- 
fox)  don’t  speed  up  the  proc¬ 


RSS 

PROGRAMS 

m  NewsGator 

NewsGator  Technologies, 
Highlands  Ranch,  Colo. 
www.newsgator.com 
Integrates  RSS  feeds  directly 
into  Microsoft  Outlook 

®  NetNewsWire 

Ranchero  Software,  Seattle 

www.ranchero.com/ 

netnewswire 

For  Mac  OS  X  users 

*  Feedreader 

www.feedreader.com 
Freeware  for  Windows 

b  NewzCrawler 

ADC  Software 
www.newzcrawler.com/ 
index.shtml 
For  Windows 

*  Radio  UserLand 

UserLand  Software  Inc., 
Danville,  Calif. 
www.radiouserland.com 
For  Macintosh  and  Windows 

For  a  more  complete  list  of  RSS 
programs,  visit  our  Web  site: 

OQuickLink  a4570 

www.computerworld.com 
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Worm  Lays  Waste 
To  IT’s  Defenses 


Politics,  project  delays  and  an  ineffective 
response  allow  for  a  Sasser  disaster. 

By  Mathias  Thurman 


■  WAS  PLANNING  to  Spend 
my  week  evaluating  disk 
encryption  products  before 
the  Sasser  worm  breached 
our  defenses.  What’s  more 
frustrating  than  the  worm, 
however,  is  the  fact  that  pro¬ 
posed  projects  that  could  have 
prevented  it  have  been  bogged 
down  for  a  number  of  reasons. 

My  team  and  I  are  almost 
done  selecting  a  patch  man¬ 
agement  product  and  - 

have  all  but  decided 
on  PatchLink  Update 
from  PatchLink  Corp. 
in  Scottsdale,  Ariz. 

We  run  a  wide  range 
of  servers  and  operat¬ 
ing  systems,  and 
PatchLink  seemed  to  work 
with  the  majority  of  them  dur¬ 
ing  our  evaluation. 

Meanwhile,  we  continue  to 
deal  with  frustrating  patching 
problems.  The  W32/Sasser  at¬ 
tack  is  the  latest  example. 

Sasser  takes  advantage  of  a 
previously  known  vulnerabil¬ 
ity  within  Microsoft’s  Local 
Security  Authority  Subsystem 
Service,  which  helps  manage 
security  and  authentication 
for  Windows  networking.  Had 
we  applied  the  appropriate 
patches  when  they  were  re¬ 
leased,  my  company  might 
have  avoided  the  worm. 

As  it  was,  we  first  realized 
that  something  had  gone 
wrong  when  the  IT  help  desk 
received  a  spate  of  calls  about 
arbitrary  system  shutdowns 
and  references  to  a  dialog  box 
indicating  an  “LSA  Shell” 
problem.  At  about  the  same 
time,  network  bandwidth  us¬ 
age  spiked. 

We  turned  to  our  in-house 
Snort  intrusion-detection  sys¬ 
tem  expert,  who  quickly  asso¬ 
ciated  the  traffic  with  Sasser. 
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This  worm  attacks  by  looking 
for  vulnerable  machines 
through  TCP  Port  445,  which 
is  used  for  Windows  network¬ 
ing.  Once  Sasser  finds  a  vul¬ 
nerable  host,  it  spreads  itself 
by  installing  a  file  transfer 
protocol  server  on  Port  5554 
and  leaves  Port  9996  open 
for  commands  to  execute.  It 
then  modifies  several  registry 
entries  and  services,  causing 
-  the  system  shut¬ 
downs.  Finally, 
it  spreads  by  scan¬ 
ning  other  systems 
for  vulnerable  hosts 
and  directing  those 
to  the  FTP  server 
port  to  download 
the  malicious  code. 

The  impact  of  Sasser  on 
my  company  was  substantial. 
Help  desk  calls  started  coming 
in  from  all  of  our  hub  sites  as 
well  as  from  overseas  and  re¬ 
mote  users  with  corporate 
Digital  Subscriber  Line  con¬ 
nections.  Although  we  knew 
we  had  to  find  every  infected 
system,  we  lacked  the  time 
and  resources  to  locate  them 
all.  So,  to  buy  time,  we  asked 
the  network  engineering 
group  to  reconfigure  the  ac- 


ln  retrospect, 
we  should  have 
anticipated  all 
of  this,  perhaps 
as  part  of  an 
incident  response 
protocol. 


cess  control  lists  on  our  net¬ 
work  devices  to  block  Ports 
5554  and  9996.  We  use  Moun¬ 
tain  View,  Calif.-based  Solsoft 
Inc.  to  centrally  manage  many 
of  our  ACLs.  Unfortunately, 
we  also  have  many  network 
devices  that  it  doesn’t  manage, 
and  we  spent  several  hours 
visiting  every  one  of  them. 

After  the  ACLs  were  updat¬ 
ed,  network  degradation  de¬ 
creased,  as  did  the  speed  at 
which  Sasser  was  spreading. 
Now  we  had  to  identify  the 
machines  that  had  Port  5554 
or  9996  open. 

Back  to  Port 

My  company  has  several  Lin¬ 
ux  servers  that  we  use  to  con¬ 
duct  automated  scanning.  We 
wanted  to  scan  every  server 
in  the  company,  but  I  had  just 
asked  the  network  engineers 
to  block  all  Port  5554  and  9996 
traffic.  The  scanners  couldn’t 
work,  so  I  had  to  go  back  to 
the  engineers  and  ask  them 
to  once  again  modify  every 
router,  firewall  and  switch. 
They  weren’t  happy,  to  put  it 
mildly. 

In  retrospect,  we  should 
have  anticipated  all  of  this, 
perhaps  as  part  of  an  incident 
response  protocol.  Instead,  we 
implemented  the  ACL  changes 
while  operating  in  firefighting 
mode,  never  even  thinking 
about  the  need  to  scan  the 
servers.  After  several  more 
hours  spent  changing  the 
ACLs  back,  we  were  finally 
able  to  scan  the  servers. 
Dozens  were  infected,  and 
most  were  in  the  engineering 
labs. 

The  security  situation  with 
our  engineering  labs  has  been 
a  point  of  contention  for  some 
time.  These  servers  typically 
aren’t  attended  to  as  diligently 
as  are  our  production  servers, 
and  unpatched  servers  are 
common.  We  recognized  this 
problem  months  ago,  and  I’ve 


been  trying  to  separate  the  lab 
machines  from  the  rest  of  the 
corporate  network.  We’ve  had 
some  success,  but  some  groups 
continue  to  resist. 

We’re  also  looking  at  using 
FortiGate,  from  Sunnyvale, 
Calif.-based  Fortinet  Inc.  This 
all-in-one  device  includes 
real-time  antivirus,  firewall, 
virtual  private  network,  and 
network  intrusion-detection 
and  -prevention  services.  We 
plan  to  place  these  devices  at 
our  VPN  gateways  to  protect 
the  company  from  users  who 
gain  access  to  the  corporate 
network  by  way  of  our  VPN 
concentrator.  Many  of  those 
users  have  installed  our  VPN 
software  on  their  home  ma¬ 
chines,  and  on  several  occa¬ 
sions,  those  PCs  have  intro¬ 
duced  malicious  code  into 
the  company. 

We  also  want  other  methods 
to  control  this,  such  as  re¬ 
stricting  remote  access  to  spe¬ 
cific  machines  by  their  media 
access  control  addresses  or  by 
using  public-key  infrastruc¬ 
ture.  Or  we  could  configure 
the  VPN  client  to  refuse  to 
connect  until  required  desk¬ 
top  virus  and  firewall  software 
is  installed  and  running. 

Next  week,  we’ll  hold  an 
interdepartmental  meeting 
that  includes  a  postmortem 
of  the  Sasser  mess  and  try  to 
improve  the  incident  response 
process.  We  have  work  to  do 
to  get  our  infrastructure  to  the 
point  where  we  can  defend 
ourselves  from  the  next  threat. 

But  for  every  technology 
change  we  propose  to  address 
the  problem,  we  must  jump 
over  a  dreadful  combination 
of  cultural,  business,  resource 
and  other  hurdles  before  the 
company  will  implement 
them.  Sadly,  even  the  most 
sensible-sounding  changes 
take  time,  so  our  inability  to 
act  quickly  and  decisively  puts 
us  at  increased  risk.  I 


WHAT  DO  YOU  THINK? 

This  week’s  journal  is  written  by  a  real  securi¬ 
ty  manager,  “Mathias  Thurman,"  whose 
name  and  employer  have  been  disguised  for 
obvious  reasons.  Contact  him  at  mathias. 
thurman@yahoo.com,  or  join  the  discussion 
in  our  forum:  QuickLink  a1590 

To  find  a  complete  archive  of  our 
Security  Manager's  Journals,  go  online  to 

0  computerworld.com/secjournal 


SECURITY  LOG 


Security  Bookshelf 

■  Network  Security  Assess¬ 
ment,  by  Chris  McNab;  O’Reil¬ 
ly  &  Associates,  2004. 

One  of  the  sur¬ 
prises  in  reading 
this  book  is  how 
quickly  my  cur¬ 
rent  books  on 
network  security 
assessment  have 
become  obso¬ 
lete.  Network  Se¬ 
curity  Assessment 
offers  up-to-date  information 
on  the  most  commonly  ex¬ 
posed  and  exploited  areas  of 
network  security,  as  well  as  a 
comprehensive  discussion  on 
new  tools  and  exploits. 

The  author  methodically 
and  thoroughly  explains  sub¬ 
jects  ranging  from  common 
Unix  and  Windows  vulnerabili¬ 
ties  to  perhaps  lesser-known 
Oracle  and  Citrix  issues.  I 
found  the  chapter  dedicated 
to  general  application  security 
issues  particularly  useful.  If 
you  haven’t  reviewed  what  is 
state-of-the-art  in  security 
assessment  lately,  this  title 
makes  for  a  good  reference. 

-  Mathias  Thurman 


WebShieldAdds 
Content  Ritering 

Network  Associates  Inc.  is 
adding  policy-based  Web  con¬ 
tent  filtering  to  its  WebShield 
line  of  security  appliances, 
which  offer  antiyirus  protec¬ 
tion,  Web  content  scanning 
and  optional  antispam  protec¬ 
tion  features. 

With  WebShield  Appliance 
3.0,  administrators  can  create 
policies  for  users  or  groups 
and  then  monitor  both  inbound 
and  outbound  traffic  to  ensure 
compliance.  Currently  in  beta 
testing,  Version  3.0  is  expect¬ 
ed  to  ship  in  the  third  quarter. 

The  Santa  Clara,  Calif.- 
based  company  also  released 
its  McAfee  LinuxShield  anti¬ 
virus  software  for  servers 
running  distributions  of  Linux 
from  Red  Hat  Inc.  and  Novell 
lnc.’s  SUSE  Linux. 

The  WebShield  appliance 
starts  at  $1,700.  LinuxShield 
pricing  starts  at  $22  per  user. 
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Dell  Introduces 
X30  Pocket  PC 


Dell  Inc.  introduced  three  hand¬ 
held  Pocket  PCs  based  on  Intel 
Corp.’s  PXA270  processor.  The 
Axim  X30  comes  in  three  ver¬ 


sions.  The  $349  top-end  model 
runs  at  624  MHz,  supports  Wi-Fi 
and  Bluetooth  wireless  technolo¬ 
gies,  and  has  a  sync/recharge 
cradle  and  an  extra  battery.  A 
$279  version  runs  at  312  MHz 
and  includes  dual-mode  wireless 


and  a  travel  sync  cable.  A  non¬ 
wireless  version  of  the  Axim  X30 
is  priced  at  $199.  All 
three  configura¬ 
tions  have  a 
Secure  Digital  I/O 
slot  and  a  3.5-in. 
transflective  240-  by 
30-pixel  thin-film  tran¬ 
sistor  color  display  and 
weigh  4.9  oz. 


Intellectual  Property 
Service  Launched 

Black  Duck  Software  Inc.  in 
Waltham,  Mass.,  is  making  its  in¬ 
tellectual  property  analysis  and 
risk  assessment  tools  for  open- 
source  software  development 
available  as  a  service.  ProtexlP, 
a  service  designed  for  developers 
and  attorneys  or  legal  depart¬ 
ments,  uses  a  database  to  auto¬ 
matically  recognize  when  any  of 
thousands  of  open-source  pro¬ 
grams  have  been  inserted  into 
source  code  and  informs  users  of 
potential  licensing  conflicts.  Sub¬ 
scription  pricing  starts  at  $2,500 
per  year  for  developers  and 
$25,000  annually  for  attorneys. 


ILM  Tool  Debuts 

Computer  Associates  Internation¬ 
al  Inc.  announced  its  first  infor¬ 
mation  life-cycle  management 
product  last  week.  BrightStor 
Document  Manager  creates 
metadata  associated  with  every 
document  and  class  of  document 
and  uses  the  metadata  to  track 
history,  status  and  relationships 
throughout  the  document  life  cy¬ 
cle.  The  product  is  available  now, 
with  prices  starting  at  $20,000 
for  a  server  supporting  50  users. 
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Not  So  Fast  for 
Enterprisewide  Analytics 


SOFTWARE  IS  ENTERING  the  Age  of  Analytics. 

Buzzwords  fly  fast  and  furious:  Predictive  an¬ 
alytics.  Enterprise  reporting.  Analytic  applica¬ 
tions.  Sarbanes-Oxley  compliance.  BPM,  CPM, 
EPM.  Metrics  and  dashboards.  Three  key 
performance  indicators,  two  turtledoves,  a  scorecard 


and  a  few  decision  trees. 

And  if  there  aren’t  enough 
for  you  already,  it’s  time  to 
get  ready  for  the  next  blaz¬ 
ing  software  industry  buzz¬ 
word:  “enterprise  analytics,” 
a  catchall  term  describing 
analytic  technology  de¬ 
ployed  across  a  whole  enter¬ 
prise.  Enterprises  want  to 
whittle  down  their  list  of 
analytics  vendors.  Business 
intelligence  (BI)  vendors  are 
racing  to  offer  soup-to-nuts 
enterprise  analytics  product 
suites,  application  software  vendors  are 
trying  to  beat  them  to  the  punch,  and 
Oracle  claims  to  have  occupied  the  high 
ground  for  years.  If  “enterprise  analytics 
solutions”  catch  on,  just  about  every¬ 
body  will  benefit. 

Unfortunately,  it  won’t  be  quite  that 
easy.  Very  few  organizations  have  ever 
deployed  true  enterprisewide  analytics 
technology.  Indeed,  even  the  BI  vendors 
themselves  generally  haven’t  rolled  it 
out.  And  there  are  good  reasons  for  this. 

The  major  problems  inhibiting  enter¬ 
prise  adoption  aren’t  in  the  technology 
itself,  which  on  the  whole  is  delightfully 
real  and  affordable.  BI  and  other  analytic 
technologies  are  much  cheaper  to  buy 
and  install  than  OLTP  application  suites. 
Recent  Bl-oriented  advances  in  relation¬ 
al  database  technology  make  even  huge 
data  warehouses  scalable.  True,  data  in¬ 
tegration  and  quality  issues  are  often 
messy  when  you  build  or  expand  a  data 
warehouse,  and  dealing  with  them  isn’t 
fun  or  cheap.  But  even  when  integrating 
analytical  data  gets  expensive,  it’s  usual¬ 
ly  still  a  lot  cheaper  than  transactional 
application  integration. 

Instead,  the  main  challenge  is  the  one 
that  stretched  the  adoption  of  transac¬ 


tion-processing  applications 
across  several  decades:  busi¬ 
ness  process  change.  Enter¬ 
prises  employ  people,  and 
people  generally  don’t  like 
to  change  the  way  they  do 
things. 

Actually,  the  problem  may 
be  even  worse  than  it  has 
been  for  transaction-pro¬ 
cessing  applications.  Con¬ 
trolling  and  changing  how 
your  managers  work  is  a  lot 
harder  than  transforming 
the  activities  of  your  data 
entry  operators,  shipping  clerks  and  oth¬ 
er  low-level  transaction  processors.  If 
your  CEO  really  hopes  to  create  an  en¬ 
terprisewide  culture  of  sober,  rational, 
unbiased  numbers-driven  decision-mak¬ 
ing,  that  project  could  take  decades. 

There’s  another  side  to  the  problem: 
Many  people  just  don’t  feel  comfortable 
dealing  with  numbers.  That’s  usually  not 
a  problem  for  MBAs  or  for  engineers 
and  other  technically  literate  sorts.  But 
too  many  other  folks  are  instinctively  re¬ 
sistant  to  anything  that  brings  more 
mathematics  into  their  lives. 

Fortunately,  none  of  this  means  that 
your  organization  can’t  introduce  new 
and  better  analytical  business  processes. 
You  just  have  to  do  it  a  chunk  at  a  time. 
And  there  are  several  areas  in  which  an¬ 
alytic  technologies  have  already  racked 
up  success  after  success,  transforming 
how  enterprises  do  business.  So  I’ll  con¬ 
clude  on  a  happy  note,  by  reviewing 
some  of  the  areas  in  which  the  analytic 
technologies  dream  is  being  lived  today. 

Marketing  executives  have  long  been 
taught  to  test,  test,  test  any  element  of  a 
marketing  campaign  that  they  can.  Over 
the  past  decade,  sophisticated  tools  in 
data  mining,  profitability  analysis  and 
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the  like  have  taken  marketing  analytics 
to  a  whole  new  level.  Success  stories 
abound  in  a  whole  range  of  marketing- 
oriented  industries:  retail,  consumer 
products,  travel/hospitality,  financial 
services,  telecommunications  and  even 
charitable  fundraising. 

Vendors  of  corporate  planning  tools 
will  tell  you  that  they  can  transform  your 
whole  business  planning  process,  with 
every  line  manager  frequently  and  accu¬ 
rately  updating  corporate  performance 
expectations.  That  transformation  rarely 
happens.  However,  when  these  tools  are 
given  to  finance  and  budget  specialists, 
their  work  is  changed  for  the  better. 

More  generally,  business  processes  of 
many  kinds  have  been  transformed  by 
automated  performance  monitoring,  in 
areas  as  diverse  as  manufacturing,  ser¬ 
vice  logistics,  sales  operations,  recruit¬ 
ing  and  consumer  loan  performance. 
Sometimes  the  analytics  are  built  into 
ERP  or  CRM  systems,  and  sometimes 
they  come  from  third-party  BI  tools.  Ei¬ 
ther  way,  they’re  a  big  boost  to  profits 
and  customer  satisfaction. 

Stakeholder  reporting  is  a  huge  area  of 
opportunity.  Information  self-service  has 
transformed  business  processes,  reach¬ 
ing  all  kinds  of  constituents:  retailers’ 
suppliers,  credit  card  companies’  sell- 
side  customers  and  even  citizens  served 
by  local  governments.  Meanwhile,  regu¬ 
latory  compliance  requires  ever  more 
careful  analysis  and  reporting. 

Finally,  dashboards  may  be  excessively 
hyped  —  but  the  reality  is  pretty  cool 
too.  Most  of  the  benefits  from  analytic  ■ 
technologies  over  the  years  have  come 
from  shoving  reports  in  people’s  faces 
until  they  discover,  often  serendipitous- 
ly,  useful  facts  about  their  business. 
Dashboards  provide  a  much  more  enjoy¬ 
able  way  of  consuming  the  same  infor¬ 
mation  —  especially  if  there’s  some  pre¬ 
text  to  include  a  clickable  map  —  and 
wider  dissemination  of  information 
dashboards  can  only  lead  to  better- 
informed  business  decisions.  ©  47140 


WANT  OUR  OPINION? 

©For  more  columns  and  links  to  our  archives,  go  to 

www.computerworld.com/opinions 


Killing  Time  on  IT  Projects 

Time  is  the  bane  of  project  man¬ 
agers.  Here  are  some  tips  from 
project  management  veterans  to 
help  keep  you  and  your  team 
from  wasting  it.  Page  36 


OPINION 

Time  to  Get  Back  to  Basics 

Sure  IT  projects  are  complex,  but  let’s 
not  get  carried  away,  says  Catherine  A. 
Tomczyk.  Most  of  what  she  needs  to 
know  to  keep  projects  on  track  she 
learned  in  kindergarten.  Page  41 
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Boutique  Shopping 

Specialized  IT  consulting  firms 
can  add  deep  experience  and 
agility  to  IT  projects.  But  there 
are  risks  if  you  choose  to  work 
with  a  niche  firm.  Page  38 
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Taking  outsourced 
IT  functions  back 
inside  is  tricky,  but 
planning  ahead  can 
minimize  the  risk. 
By  Alan  R.  Earls 

LLEN  BARRY  (left),  CIO 
of  the  Metropolitan  Pier 
and  Exposition  Authority, 
the  organization  that 
runs  Chicago’s  giant 
McCormick  Place  conven¬ 
tion  center,  faced  a  prob¬ 
lem  when  she  came  aboard  in  2000.  Net¬ 
working  and  technical  support  services 
were  being  handled  on  an  event-by-event 
basis  by  an  outsourcer  under  a  contract 
dating  from  the  mid-1990s.  As  a  result, 
every  time  a  show  came  into  the  2.2  mil- 
lion-square-foot  facility,  a  new  network 
had  to  be  put  in  place  from  scratch, 
adding  expense,  complexity  and  risk  for 
McCormick  and  its  customers. 

Barry,  who  had  previously  helped  out¬ 
source  a  number  of  IT  functions  when  she 
worked  for  the  city  of  Chicago,  decided  to 
insource.  She  viewed  the  ability  to  meet 
the  needs  of  exhibitors  as  a  critical  func¬ 
tion  for  her  organization,  not  something 
that  should  be  passed  to  an  outside  ven  ¬ 
dor.  Building  capacity  in-house  would  let 
her  create  a  flexible  infrastructure  that 
could  be  adapted  to  each  show’s  needs. 

Although  Barry  says  she  didn’t  reckon 
on  the  tenacity  of  the  outsourcer,  which 
pulled  every  political  string  in  the  state 
to  hang  on  to  the  job,  she  did  prepare  a 
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STEP  BY  STEP 


functions  back  inT 


Perform  a  detailed  business  anajysis  of  the  costs  and  benefits  of  the  proposed  insourcing, 
including  the  strategic  value  of  insourcing  and  the  potential  risk. 

Develop  a  detailed  transition  plan  defining  effective  processes  for  taking  back  each  function. 
Use  your  best  IT  people  for  the  plan  and  the  transition. 

Work  with  internal  IT  professionals  to  validate  all  assumptions, 
plans  and  risks. 

Consider  employing  the  best  of  the  outsourcer’s  staffers.  Bringing  them  over  may  reduce 
issure  your  business  i 


risk  and  reassure  your  t 


i  units. 


Look  at  the  risks  associated  with  the  role  each  of  the  outsourcer’s  staffers  plays  in  the  delivery  of 
service  through  the  transition.  Make  plans  to  minimize  any  potential  for  security  breaches  or  service 
degradation. 

Include  the  IT  governance  team,  the  business  unit  leads  and  senior  management 
in  the  decision-making  process. 


Keep  the  decision  process  confidential.  If  the  outsourcer  becomes  aware  of  a  potential  change 
before  a  decision  is  made,  the  relationship  could  be  damaged  -  which  can  be  particularly  serious  if  you 
decide  not  to  go  through  with  the  insourcing. 

Explain  to  the  outsourcer  the  reasons  for  the  insourcing  in  detail  and  the  need  for  it  to  continue  to 
provide  services  through  the  transition.  If  your  reasons  for  insourcing  are  strategic  and  the  outsourcer 
has  performed  to  expectations,  provide  assurances  that  its  reputation  will  be  upheld. 

Communicate  with  internal  customers  about  the  decision  and  the  plans  for  transition,  and  maintain 
close  communication  throughout  the  transition. 

Collocate  internal  staff  with  the  outsourcer’s  staff  during  the  transition  to  make  sure  that  all 
aspects  of  the  service-delivery  processes  are  understood  and  that  the  outsourcer  will  continue 
to  work  in  good  faith  during  the  transition. 

Provide  incentives  as  appropriate  to  the  outsourcer  to  minimize  the  anxiety  over  the  contract  change, 
and  be  sure  that  all  terms  and  conditions  of  the  contract  remain  in  place  until  full  transition  occurs. 

Continually  evaluate  each  aspect  of  the  transition  until  it’s  completed,  focusing  on  any  areas  of 
risk.  Keep  all  business  units  advised  of  progress. 

Stay  focused  on  the  value  of  the  opportunity  despite  the  difficulties. 


thorough  plan  of  action.  Thanks  to  that 
planning,  she  managed  the  transition 
on  schedule  and  without  problems. 

Barry  isn’t  alone.  Many  IT  organiza¬ 
tions  decide  for  a  variety  of  reasons 
that  an  outsourcing  arrangement  just 
isn’t  working,  and  they  pull  those  func¬ 
tions  back  inside.  It’s  not  a  trivial  un¬ 
dertaking.  There  are  a  host  of  chal¬ 
lenges,  not  the  least  of  which  is  the 
likelihood  that  your  organization’s 
knowledge  base  has  probably  eroded 
during  the  time  the  function  has  been 
outsourced.  However,  IT  managers 
who  have  insourced  say  it  can  be  done, 
with  planning  and  resourcefulness. 

Outsourcing  Realities 

Outsourcing  is  a  tricky  business,  and 
the  engagements  don’t  always  end 
well.  A  recent  study  by  DiamondClus- 
ter  International  Inc.  titled  “2004 
Global  IT  Outsourcing”  reveals  that 
more  than  a  fifth  of  outsourcings  by 
the  survey’s  182  participants  in  the  pre¬ 
vious  calendar  year  ended  premature¬ 
ly.  However,  only  a  quarter  of  those 
dissatisfied  with  outsourcing  bring  the 
work  back  in-house,  says  Tom  Weak- 
land,  managing  partner  at  Chicago- 
based  DiamondCluster. 

“The  odds  are  that  if  you  outsourced 
it  to  begin  with,  it  probably  wasn’t  a 
strength,”  he  explains.  “Furthermore,  it 
takes  time  to  re-establish  the  organiza¬ 
tion  and  transition  the  outsourcer’s 
best  practices.” 


If  you’re  considering  pulling  an  out¬ 
sourced  IT  function  back  in-house,  be 
sure  you  fully  understand  your  situa¬ 
tion  and  have  looked  at  all  the  issues. 
For  starters,  there’s  plenty  of  disagree¬ 
ment  about  what  should  validly  trigger 
an  end  to  an  outsourcing  deal. 

A  Last  Resort 

“Termination  clauses  should  be  invoked 
only  in  cases  of  egregious  nonperfor¬ 
mance,”  says  Alex  Kozlov,  director  of 
marketing  at  Compass  America  Inc.,  a 
consulting  firm  in  Oak  Brook,  Ill.  “The 
termination  penalty  should  be  stiff  if 
the  client  walks  away  without  cause.” 

But  Paul  Roy  disagrees.  “Reserve  the 
right  to  terminate  for  convenience: 
mergers,  acquisitions,  changes  in  mar¬ 
ket,”  says  Roy,  a  partner  at  Chicago- 
based  law  firm  Mayer,  Brown,  Rowe  & 
Maw  LLP.  “Usually  there  is  a  cost,  but 
that  can  be  anticipated  and  mitigated 
by  taking  over  contracts,  buying  assets 
and  hiring  people  so  the  supplier  ends 
up  less  stranded  by  costs.” 

There  is  no  right  or  wrong  answer  to 
the  trigger  question.  Everything  de¬ 
pends  on  what  is  spelled  out  in  the 
outsourcing  contract,  so  address  these 
issues  in  detail,  Roy  says. 

Before  pulling  the  plug,  make  sure 
your  strategy  is  sound.  When  Michael 
Palmer,  CIO  at  Allied  Office  Products 
Inc.  in  Clifton,  N.J.,  made  a  wholesale 
shift  from  outsourcing  to  insourcing 
in  2002,  he  used  the  transition  as  a 
chance  to  review  his  IT  strategy. 

“We  had  initially  outsourced  the  en¬ 
tire  Web  development  and  mainte¬ 
nance  piece,  from  soup  to  nuts,  for 
about  $2.5  million  a  year,”  he  says.  But 
the  Web  was  becoming  a  crucial  cus¬ 
tomer  interface,  and  with  a  goal  of  gen¬ 
erating  at  least  a  quarter  of  all  compa¬ 
ny  revenue  through  that  channel,  it 
was  too  strategic  to  outsource.  In  con¬ 


trast,  Allied  chose  to  outsource  billing 
of  its  16,000  customers  to  a  vendor 
with  strong  expertise  and  potential 
economies  of  scale  in  that  area. 

In  Barry’s  case,  insourcing  led  to  a 
new  networking  strategy.  “We  totally 
redesigned  the  approach  to  network¬ 
ing  and  decided  to  add  connections  to 
the  Hyatt  hotel,  which  is  also  owned  by 
[the  Metropolitan  Pier  and  Exposition 
Authority],  and  also  the  Navy  Pier 
facility,  three  miles  away,”  she  says. 

Insourcing  veterans  recommend 
considering  the  following  issues: 

■  Understand  your  existing  outsourc¬ 
ing  relationships,  not  only  on  a  contrac¬ 
tual  level  but  also,  if  possible,  on  a  day- 
to-day  level.  Know  what  work  is  being 
done  and  how. 

■  Compare  your  operations  with  others 

to  help  determine  the  pros  and  cons  of 
insourcing. 

■  Understand  your  internal  costs  so 

that  you  can  make  a  reasonable  choice 
between  insourcing  and  outsourcing. 

■  Realize  the  true  costs  of  taking 
something  back.  Many  outsourcing 
arrangements  involve  off-balance- 
sheet  transactions  for  things  like  hard¬ 
ware  that  you  will  need  to  replace. 

■  Look  inward.  It’s  critical  to  know 
what  additional  resources  you’ll  need 
internally  and  what  kind  of  manage¬ 


ment  support  you’ll  get.  Will  you  need 
to  hire  more  people?  Will  you  get  full 
support  from  above,  or  will  you  meet 
strong  internal  resistance?  Barry’s  out¬ 
sourcer  appealed  to  the  state  legisla¬ 
ture  and  other  politicians  in  an  attempt 
to  halt  the  insourcing.  But  she  had 
built  an  airtight  case  and  got  support 
from  key  people  in  her  organization. 

■  Convince  employees  that  the  in¬ 
sourcing  will  work,  and  give  them  the 
right  tools  and  training  to  succeed. 

■  Build  some  wiggle  room  into  the 
transition  plan.  Don’t  commit  to  a  spe¬ 
cific  deadline  for  shifting  the  work; 
make  it  a  window  of  60  to  90  days. 

“You  must  find  your  own  philosophy,” 
says  Palmer.  “Ours  is  that  if  it  touches 
the  customer,  it  needs  to  be  flexible.” 
When  dealing  with  an  outsourcer,  he 
says,  that  requirement  for  flexibility 
translates  into  a  carefully  crafted 
service-level  agreement  and  “a  well- 
defined  exit  lane”  from  the  contract  if 
it  no  longer  fits  Allied’s  needs.  For  ex¬ 
ample,  low  transaction  volumes  or 
changes  in  business  strategy  would 
pave  the  way  for  Allied  to  bring  its  out¬ 
sourced  functions  back  home.  ©  46624 


Earls  is  a  freelance  writer  in  Franklin, 
Mass.  You  can  contact  him  at 
alan@alanearls.com. 


TERMINATION 

Reason  the  customer  terminates: 

MATRIX 

Conve¬ 
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Cause  A  Cause  B 

Vendor  Customer 
acquired  acquired 

Force 

majeure 

Vendor  will  provide 
transition  services. 

X 

X  X 

X  X 

X 

Vendor  wilt  pay  customer’s 
transition  costs. 

X 

X 

Customer  will  pay  vendor’s 
demobilization  costs. 

X 

X 

Customer  will  pay 
a  termination  charge. 

X 

X 

Vendor  will  sol!  the  trans¬ 
ferred  assets  to  customer 
at  a  specified  value. 

X 

X  X 

X  X 

X 
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S^!W  4n:4htsi.6i‘V(fg  fir'ran'getnpnt  terminates  are  as  crucial  as  any  part  of  the  agreement, 
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v  eiip'jw.fhi*  rfjtkte  and  responsibilities  of  both  parties  under  various  termination  scenarios, 
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AIRBUS  UK: 

Running  HP-UX  11  i 
on  HP  Integrity  servers, 
20-30  wing  design 
simulations  that  used 
to  take  weeks  are 
now  done  overnight. 

COMPUSA: 

Going  with  64-bit 
architecture  using  HP 
Integrity  servers,  they  cut 
access  time  to  inventory 
data  by  up  to  85%. 

FIAT  AUTO: 

Standardizing  on  64-bit 
infrastructure  using  HP 
Integrity  servers,  they're 
integrating  and  enhancing 
sales  and  service  as  well 
as  streamlining  the  buying 
process  while  lowering 
sales  cost. 

THE  KOEHLER  GROUP: 
Moving  to  an  environment 
composed  of  HP  Integrity 
servers,  they  gained  a  50% 
improvement  in  mission- 
critical  performance. 

RAYMOND  JAMES: 
Deploying  HP  Integrity 
servers,  this  financial 
advisory  company  is 
showing  a  five-fold 
performance  increase 
over  their  previous 
32-bit  systems. 
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NuimTime 


IT  projects  are  notorious  for  coming 
in  late.  Here  are  some  of  the  worst 
time-killers  that  project  managers 
can  stumble  into  -  and  how  to 
avoid  them.  By  Lucas  Mearian 


TIME.  It’s  the  bane  of  project  managers.  Despite  all 
the  advances  in  project  management  process  and 
professionalism,  too  many  IT  projects  still  come  in 
late.  Project  managers  waste  time  by  charging  ahead 
too  fast,  communicating  poorly  or  allowing  their 
teams  to  get  bogged  down  in  stakeholder  indecision, 
technical  minutiae  or  business  politics.  But  by  plan¬ 
ning,  setting  standards  and  making  sure  project  team 
members  are  on  the  same  page,  you  can  avoid  wast¬ 
ing  time.  Here  are  nine  notorious  project  time- 
wasters  and  how  to  avoid  them. 

Rushing  in.  If  you  “save  time”  by  skimping  on 
analysis  and  design,  you  probably  won’t  correctly  de¬ 
fine  business  requirements  upfront,  says  Lois  Zells,  a 
project  management  consultant  in  Redondo  Beach, 
Calif.  This  will  come  back  to  haunt  you  during  test¬ 
ing,  she  says,  when  developers  discover  that  they 
missed  some  important  business  need,  or  response 
time  is  seriously  degraded  because  of  a  poor  design. 
Then  testing  will  take  “10  times  longer  than  it 
should,”  she  says.  The  solution:  Resist  the  temptation 
to  shortchange  analysis  and  rush  into  development. 

A  rule  of  thumb  for  project  managers  is  that  for 
every  hour  of  planning,  you  save  three  hours  of  work. 

The  life-cycle  rut.  Some  project  managers  still 
use  a  “waterfall”  or  “phase-gate”  life  cycle,  which  is 
designed  to  yield  fewer  defects  but  draws  out  project 
time,  says  Johanna  Rothman,  president  of  Rothman 
Consulting  Group  Inc.  in  Arlington,  Mass.  Other  proj- 


ON  IT  PROJECTS 

ect  life  cycles  provide  alternatives  that  reduce 
defects  without  affecting  speed,  she  adds. 
Don’t  choose  a  life-cycle  model  just  because 
it’s  the  one  you’ve  always  used.  Look  into  al¬ 
ternatives  that  address  the  project  at  hand. 

Poor  communication.  When  projects  get 

bogged  down,  it’s  often  because  of  a  lack  of 
communication,  says  Mark  Brooks,  a  project 
team  leader  at  a  large  financial  services  firm  that 
he  declines  to  name.  Team  members  may  waste  time 
on  a  problem  if  they  don’t  know  that  another  team 
member  has  the  solution.  To  avoid  this,  Brooks  set  up  a 
telephone  bridge  that  remains  open  all  day.  The  bridge 
saved  the  day  recently  when  a  hard  drive  controller 
failure  on  a  backup  production  server  threatened  to 
halt  a  project.  “But  when  everybody  jumped  on  the 
audio  bridge,  we  found  out  there  was  another  server 
chassis  in  another  part  of  the  data  center,”  Brooks  says. 
The  team  transferred  the  backup  hard  drives  into  the 
new  chassis  and  had  a  new  backup  server  running  in 
45  minutes.  The  project  continued  on  schedule. 

Excessive  research.  Project  teams  can  waste 

weeks  sifting  through  industry  white  papers  on  prod¬ 
ucts  and  architectures,  says  Kevin  Gungiah,  director 
of  systems  administration  at  The  Weather  Channel 
Interactive  Inc.  in  Atlanta.  Moreover,  it’s  often  hard 
to  tell  hype  from  reality.  “I  found  there  was  a  lot  of 
marketing  for  what  I  wanted  to  do,  but  the  solutions 
just  weren’t  there  yet,”  he  says.  All  that  research  can 
be  nearly  useless  anyway,  since  vendor  labs  can’t 
replicate  conditions  in  your  data  center,  he  says.  It’s 
quicker  and  more  useful  to  call  as  many  customer 
references  as  possible  to  see  what  their  experiences 
with  a  product  have  been.  Gungiah  also  recommends 
testing  technologies  on-site  prior  to  purchasing  them. 

Untamed  e-mail.  Important  e-mail  messages  ex¬ 
changed  among  project  team  members  can  get  lost 


amid  the  spam,  wasting  precious  time.  At  the  begin¬ 
ning  of  a  project,  Brooks  establishes  a  standards  team 
that  creates  a  six-letter  acronym  to  be  used  in  the 
subject  line  of  every  e-mail  that  deals  with  the  proj¬ 
ect.  “That  enables  people  to  use  the  Outlook  rules  bar 
to  look  for  that  acronym  and  move  it  to  a  project  fold¬ 
er,”  says  Brooks.  He  also  recommends  including  an 
action  item  in  an  e-mail  title  or  in  the  first  three  lines 
of  a  message  so  it  will  show  up  in  the  preview  page 
of  Outlook.  “That  way,  without  opening  their  e-mail, 
they  can  see  you  want  them  to  do  work,”  he  says. 

Indecision.  Business  stakeholders  waste  project 
time  when  they  can’t  decide  on  issues  ranging  from 
technical  standards  to  which  worldwide  offices  must 
comply  with  an  upgrade.  “You’re  in  the  middle  of  a 
project,  a  business  issue  needs  to  be  resolved,  and 
everything  stops,”  says  Larry  Sisemore,  an  interna¬ 
tional  manager  of  systems  development  at  FedEx 
Gorp.  in  Colorado  Springs.  Although  business  deci¬ 
sions  can  be  highly  political  and  sensitive,  “project 
managers  need  to  be  assertive”  and  push  for  closure, 
he  says.  When  assertiveness  isn’t  enough,  contact  the 
business  manager  who  owns  the  project  and  tell  him 
the  delay  could  cost  him  the  deadline,  says  William 
Telkowski,  chief  technology  officer  at  J.R  Morgan 
Chase  &  Co.’s  I-Solutions  group.  If  the  business  man¬ 
ager  cares,  he’ll  make  sure  the  problem  is  addressed, 
Telkowski  says. 

Obsessing.  IT  workers  often  get  so  focused  on  a 
problem  that  they  lose  track  of  time.  “What  was  ‘just 
a  minute’  drags  on  for  a  week  or  two,”  says  Catherine 
Tomczyk,  a  project  manager  at  First  Data  Corp.  in 
Greenwood  Village,  Colo.  The  solution:  “We  put  in 
our  rules  that  if  someone  is  stuck  on  a  problem  for 
more  than  eight  hours,  we  escalate  it  and  assign  a 
buddy  to  help  them,”  she  says. 

Between-meeting  paralysis.  When  problems 

pop  up  the  day  after  the  weekly  meeting,  a  week  can 
go  by  before  they’re  addressed,  says  Tomczyk.  As  the 
deadline  approaches,  she  schedules  10-  or  15-minute 
daily  meetings  with  her  project  team  to  ensure  that 
problems  are  addressed  as  soon  as  they’re  discovered. 

Embellishment.  Many  developers  just  don’t 
know  when  to  quit,  says  Rothman.  “[They]  have  a 
passion  for  excellence  and  will  embellish  or  add 
more  features  than  were  originally  planned  for  a 
project  if  they  think  they  have  more  time,”  she  ex¬ 
plains.  Rothman  uses  release  criteria  to  define  what 
“done”  means  so  the  team  knows  when  to  stop.  For 
example,  if  a  project’s  design  calls  for  certain  func¬ 
tions  to  be  done  manually,  she  clarifies  exactly 
where  the  automation  ends.  ©  46803 
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outique 
hopping 

Small,  specialized  IT  consulting 
firms  can  add  deep  experience 
and  speed  to  IT  projects.  But 
there  are  risks  to  be  managed. 


BY  MARY  BRANDEL 

CIO  jean  delaney  nelson  learned  important 
lessons  about  using  small  “boutique”  con¬ 
sulting  firms  from  a  mistake  she  made  10 
years  ago.  When  Minnesota  Life  Insurance 
Co.  was  moving  to  client/server  computing, 
Delaney  Nelson  signed  a  contract  with  a 
small  consulting  firm  to  advise  on  the  over¬ 
all  strategic  shift  as  well  as  the  implementation  de¬ 
tails.  But  the  firm  just  wasn’t  up  to  doing  both  jobs. 

“We  learned  that  boutiques  work  better  in  a  specific, 
defined  way,  like  when  you’re  asking,  ‘What’s  the  best 
tool  to  do  this  particular  thing?’  ”  Delaney  Nelson  says. 


The  Right  Fit 

The  most  important  thing  is  knowing  when  a  bou¬ 
tique  is  the  best  choice.  The  main  indicator  is 
when  you  need  depth  —  not  breadth  —  of  experi¬ 
ence.  Three  years  ago,  Janet  Burns  at  The  New  York 
Times  Co.  cast  a  wide  net  when  she  needed  help 
writing  a  project  management  methodology  and 
training  IT  workers  in  that  methodology.  Ultimately, 
Burns  selected  Project  Management  Solutions  Inc. 
over  some  larger  contenders. 

“It  was  important  that  we  chose  somebody  who 
was  100%  project-management-focused  and  could 
have  an  immediate  impact,”  says  Burns,  director  of 
project  management  for  corporate  IT.  “With  a  larger 
firm,  it  seemed  like  something  they  were  trying  to 
add  to  their  list  of  services.” 

Boutiques  can  also  help  to  speed  up  a  project. 
“Many  small  firms  are  agile,  and  because  they  have  a 
lighter  management  process,  that  can  make  the  proj¬ 
ect  go  faster,”  says  Jason  Glazier,  chief  technology 
and  e-commerce  officer  at  Lincoln  Financial  Group, 
a  $4.6  billion  provider  of  life  insurance,  retirement 
products  and  wealth  management  services  in  Phila¬ 
delphia.  But  there’s  a  flip  side:  Sometimes  this  same 
lack  of  a  strict  development  process  means  the  bou¬ 
tique  can’t  handle  the  rigors  of  a  bigger  project. 

Once  you’ve  determined  that  a  boutique  is  the 
right  way  to  go,  it’s  time  to  ask  some  questions.  The 
first  is  one  that  you  should  answer:  Have  you  or  your 
peers  or  co-workers  heard  of  this  firm  before?  CIOs 
say  they’re  unlikely  to  go  with  a  no-name  firm  unless 
a  colleague  recommends  it.  “For  a  small  vendor  to 
try  and  cold-call  their  way  in  is  impossible  without 
some  type  of  introduction  or  someone  pushing  to 
bring  them  in,”  Glazier  says. 

You  also  need  to  check  into  the  consultancy’s  fi¬ 
nancial  footing,  either  by  getting  annual  statements 
covering  the  past  three  years,  if  the  company  is  pub¬ 
lic,  or  a  balance  sheet  summary,  if  it’s  private.  Ben 
Harris,  deputy  secretary  for  operations  and  technol¬ 
ogy  at  the  Florida  Department  of  Children  &  Fami- 


So  when  the  insurer  recently  had  to  choose  be¬ 
tween  Java  and  .Net  for  its  Internet  development 
platform,  Delaney  Nelson  lined  up  outside  advisers 
like  Gartner  Inc.  for  an  evaluation  of  the  two  plat¬ 
forms  and  then  turned  to  a  small,  regional  consul¬ 
tancy  to  develop  a  detailed  training  plan,  specify  ar¬ 
chitectural  components  and  choose  the  most  ap¬ 
propriate  development  tools. 

CIOs  today  aren’t  afraid  to  use  such  specialized 
consulting  firms  to  gain  extra  depth  of  experience 
in  IT  niches  or  vertical  industries.  In  fact,  consult¬ 
ing  specialists  are  favored  over  generalists  by 
midsize  clients  with  revenue  between  $10  million 
and  $9  billion  per  year,  according  to  research  by 
Kennedy  Information  Inc.,  a  Peterborough,  N.H., 
firm  that  analyzes  the  professional  services  indus¬ 
try.  (Larger  clients  prefer  one-stop  consulting 
shops  because  their  needs  are  more  complex,  the 
research  indicates.) 

“A  decade  or  two  ago,  no  one  got  fired  for  hiring 
McKinsey  or  IBM.  Now,  bigger  is  not  necessarily 
better,”  says  Jess  Scheer,  executive  editor  at 
Kennedy  Information. 

But  it’s  important  to  learn  when  to  use  boutique 
consulting  firms  and  how  to  manage  the  risks. 


lies,  uses  a  simple  rule  of  thumb:  “I  think  it’s  impor¬ 
tant  to  have  a  minimum  requirement  of  $20  million 
revenue  and  two  to  three  years  of  profitability.” 

Of  course  you  also  want  to  speak  with  the  compa¬ 
ny’s  clients  —  but  not  just  any  client.  Talk  with  refer¬ 
ences  who  are  in  your  industry  or  have  completed 
similar  projects.  “Ask  for  accounts  where  things  have 
gone  smoothly  and  where  things  have  gone  rough,” 
Harris  recommends.  And  ask  what  percentage  of  the 
boutique’s  clients  have  returned  for  another  project. 

People  Count 

It’s  especially  important  to  check  into  the  back¬ 
ground  of  the  CEO  and  other  senior  members  of  the 
firm  —  after  all,  it’s  their  experience  you’re  paying 
for.  Delaney  Nelson  suggests  asking  about  the  specif¬ 
ic  relevant  experience  of  the  consultant  who  would 
be  assigned  to  your  project,  as  well  as  how  recently 
he  obtained  this  experience.  Burns  goes  so  far  as  to 
ask  to  meet,  and  obtain  resumes  of,  the  people  she’ll 
be  working  with. 

The  selection  of  a  boutique  over  a  larger  firm  is  typ¬ 
ically  based  less  on  price  than  on  trust.  In  fact,  bou¬ 
tiques  may  charge  nearly  the  same  hourly  rate  as  IBM 
or  Accenture  Ltd.  However,  since  you’re  likely  work¬ 
ing  with  the  top  guns  at  the  firm,  you  should  be  get¬ 
ting  more  experience  for  your  dollar.  The  smaller 
firms  may  also  be  more  willing  to  overperform  for  a 
large  client,  adds  Harris. 

Clients  are  looking  for  a  trusted  adviser,  says  Tom 
Rodenhauser,  president  of  Consulting  Information 
Services  LLC,  a  market  research  firm  in  Keene,  N.H. 
“Boutiques  are  the  most  accountable  of  consulting 
companies,”  he  says.  “They  can’t  afford  to  do  a  bad 
job.”  ©  46786 


Brandel  is  a  Computerworld  contributing  writer  in 
Grand  Rapids,  Mich.  Contact  her  at  mary.brandel@ 
comcast.net. 


THE  FINE  PRINT 


Here  are  some  tips  for  using  the  contract  to  manage  a 
boutique  relationship: 

■  Get  a  guaranteed  workforce.  Boutiques  don’t  have  a 
deep  enough  bench  to  easily  swap  in  people  with  the  same 
skills  if  someone  leaves  in  the  middle  of  your  project.  That’s 
why  Lincoln  Financial’s  Jason  Glazier  suggests  writing  into 
the  contract  the  names  of  the  project  manager  and  other  spe¬ 
cific  people  you  want  to  work  with.  If  these  people  leave,  you 
can  opt  to  renegotiate,  terminate  the  contract  or  at  least  have 
a  voice  in  the  process  of  interviewing  potential  replacements. 

■  Use  creative  pricing.  Boutique  consultancies  may  be 
more  willing  to  use  payment  models  such  as  contingency 
pricing,  also  called  risk-  or  gain-sharing  [QuickLink  45728], 
With  this  method,  they  get  paid  a  base  price  plus  an  extra  per¬ 
centage  based  on  whether  the  promised  results  are  achieved. 

■  Examine  the  financial  guarantee.  Sometimes  a  bou¬ 
tique  is  so  small  that  even  if  it  will  sign  a  financial  guarantee, 
it  may  not  be  able  to  back  it  because  paying  the  penalty 
would  bankrupt  the  firm.  “If  the  project  is  going  to  create 
large  financial  ramifications,  that’s  difficult  with  a  small  firm, 
because  the  guarantee  doesn’t  mean  much,"  Glazier  says. 

“In  some  cases,  your  lawyers  won't  even  sign  off  on  it." 

-Mary  Brandel 
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WORTH? 


FIND  OUT  when  Computerworld  publish) 
the  results  from  its  18th  Annual  Salary 
Survey  of  IT  professionals! 

How  much  are  other  IT  professionals  with  your  experience  and 
credentials  earning?  With  help  from  you  and  your  IT  colleagues 
across  the  country  Computerworld  will  answer  these  questions 
when  we  deliver  the  results  from  our  18th  Annual  Salary  Survey 


Please  take  our  survey  now  and  enter  a  drawing  to  win  one  of  two 
$500  American  Express  Gift  Cheques.  Our  survey  period  closes 
Wednesday  June  30, 2004,  at  5  p.m. 

Survey  results  and  feature  stories  that  offer  practical  career  advice 
will  be  published  in  the  Oct.  25, 2004,  issue  of  Computerworld.  It 
will  offer  detailed  information  on  average  salaries  and  bonuses, 
broken  out  by  title,  industry  and  region.  You’ll  be  able  to  compare 
your  organization’s  compensation  plans  with  those  of  other 
companies  and  find  the  hottest  areas  of  the  country  for  IT  pay. 

To  take  the  survey,  and  qualify  for  the  drawing,  go  to: 
www.computerworld.com/takesalary2004 
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ASK  AN  IT  LEADER 


Bob  Leo 

rm  Solution 
architect 


R  .  COMPANY:  Ascential 
Software  Corp., 
fir  /  '  Westboro,  Mass. 


Leo  is  this  month's  guest  Comput- 
erworld  Premier  100  IT  Leader,  an¬ 
swering  a  reader's  question  about 
career  options  in  the  IT  field.  If  you 
have  a  question  to  pose  to  one  of 
our  Premier  100  IT  Leaders,  send  it 
to  askaleader@computerworld.com 
and  watch  for  this  column  each 
month  online  and  in  print. 


I  am  pursuing  a  master’s  degree  in 
computer  science  at  a  university  in 
Canada.  I  have  performed  well  acade¬ 
mically  and  have  done  some  manage¬ 


ment  work,  but  I  don’t  have  prior  work 
experience  in  the  IT  field.  What  are  the 
career  options  for  me?  Is  there  a  par¬ 
ticular  technology  I  should  learn  about 
or  certification  I  should  get?  Our  indus¬ 
try  is  so  very  vast,  and  the  opportunities 
are  endless.  I  think  you  have  to  first  de¬ 
cide  the  discipline  you’d  like  to  pursue: 
data  management  (my  favorite),  program¬ 
ming  (which  flavor?),  infrastructure,  secu¬ 
rity,  Web  development  and  telecommuni¬ 
cations  are  just  a  few. 

Once  you’ve  decided  that,  I  would 
recommend  finding  companies  that  can 
offer  you  internship  programs  as  you 
complete  your  degree.  It  lengthens  the 
academic  cycle,  but  it  is  certainly  worth 
it  to  gain  valuable  experience.  Another 
benefit  is  that  you  can  “try  before  you 
buy”  in  the  discipline  you  select,  giving 
you  plenty  of  time  to  change  your  path  if 
you  find  that  your  first  choice  isn’t  as  at¬ 
tractive  as  you  anticipated.  Best  of  luck. 
O  46929 


Numbers  Crunch:  People,  Pay  and  Productivity 


4.7% 

Average  annual  percentage  growth  in  productivity  between  2001  and  2003 

E351 

Percentage  of  IT  organizations  indicating  a  morale  problem 

24% 

Percentage  of  companies  that  pay  IT  employees  salaries  at  least 

20%  higher  than  non-IT  employees 

37% 

Percentage  of  companies  paying  IT  salaries  11%  to  19%  higher 
than  non-IT  salaries 

Percentage  of  Global  2000  companies  that  conduct  semiannual 
reviews  of  IT  salaries 

25% 

Percentage  of  companies  with  an  HR  specialist  dedicated  to  IT 

Behind  IT  Hiring 

Companies  have  hired  IT  staffers  this 
year,  but  the  number  of  new  positions 
continues  to  be  far  from  robust,  ac¬ 
cording  to  Meta  Group  Inc.  Reasons 


for  hiring  break  out  as  follows: 

Acquiring  needed  IT  skills  28% 

Converting  contractors  to  employees  28% 
Business  expansion  28% 

Mergers/acquisitions  27% 

Voluntary  turnover  2% 

New  projects  2% 

Understaffed  1% 

Retirements  1% 

Restructuring  1% 

Promotions  1% 

Involuntary  turnover  1% 

SOURCE:  META  GROUP  INC.,  MAY  2004 


Campus  to  Company 


52% 

Percentage  of  graduates  who 
participated  in  a  college  intern¬ 
ship  or  co-op  program 

60% 

Percentage  of  graduates  who 
search  for  jobs  online 

36% 

Percentage  of  graduates  who 
search  newspaper  classified  ads 

75% 

Percentage  of  graduates  who 
haven't  found  jobs 

13 

$N] 

t 

Average  starting  salary 
graduates  expect  to  earn 

BASE:  722  graduating  college  seniors 

SOURCE:  HARRIS  INTERACTIVE  INC.. 
ROCHESTER,  N.Y.,  MAY  2004 


Budgets  Up, 

Jobs  Up  in  the  Air 

IT  MANAGERS  are  beginning  to 
loosen  their  purse  strings  for  new 
tech  projects,  according  to  a  recent 
study  by  Goldman  Sachs  Global  In¬ 
vestment  Research  in  New  York. 
More  than  half  -  55%  -  of 
100  Fortune  1,000  IT  execu¬ 
tives  interviewed  in  April  said 
they  expect  to  increase  IT 
capital  spending  this  year.  But 
much  of  the  work  associated  with 
those  projects  appears  to  be  head¬ 
ed  offshore.  Asked  which  IT  ser¬ 
vice  providers  are  gaining  a  share 
of  their  IT  spending  dollars,  CIOs 
listed  IBM,  Infosys  Technologies 
Ltd.,  Cognizant  Technologies  Solu¬ 
tions  Group  -  all  of  which  have  a 
large  offshore  presence  in  India  - 
and  BearingPoint  Inc.  as  winners. 
Losers  include  Accenture  Ltd., 
Electronic  Data  Systems  Corp. 
and  Computer  Sciences  Corp. 


CIOs’  Top  Spending 
Priorities 

a  Security  software 
B  Security  hardware 
£  Handheld  devices 
B  Total  storage  software 
a  Wireless  LAN  connectivity 
B  Virtual  private  networks 

■  Web  application  server 
software 

a  Enterprise  portal  software 
b  Voice-over-IP  equipment 
n  Storage  networking 

■  Data  networking 
equipment 


Flexing  Their  Funny  Bones 


WOMEN  IN  IT  USE  LAUGHTER  to  cre¬ 
ate  a  sense  of  solidarity  with  their  fe¬ 
male  co-workers,  exert  their  superiority 
and  deal  with  incongruities  in  the  work 
environment,  according  to  findings  by 
three  researchers  at  the  University  of 
Arkansas. 

The  researchers  assembled  39  fe¬ 
male  IT  professionals  into  six  focus 
groups  to  discuss  their  professional 
experiences,  obstacles  to  promotion, 
work/life  balance  and  other  issues. 

The  researchers  recorded  the  discus¬ 
sions  and  noticed  a  pattern  of  group 
laughter.  Among  other  things,  they 
found  that  women  laugh  for  the  reasons 
mentioned  above  and  to  minimize 


difficulty  of  discussing  taboo  subjects. 

Sometimes  women  laugh  because 
“what  else  can  we  do  when  we  com¬ 
pare  actual  workplace  conditions  to  our 
expectations  for  what  is  fair  or  ideally 
expected  in  a  professional  setting?” 
says  researcher  Myria  Allen,  an  associ¬ 
ate  professor  of  communications. 

Together  with  co-researchers  Mar¬ 
garet  Reid,  a  professor  of  public  admin¬ 
istration,  and  Cynthia  Riemenschneider, 
a  professor  of  information  systems, 

Allen  hopes  to  use  the  study  to  make 
employers  aware  of  barriers  specific  to 
women  in  IT  and  to  come  up  with  ways 
to  overcome  them. 

-  Julia  King 


SOURCES:  BUREAU  OF  LABOR  STATISTICS:  META  GROUP  INC  .  STAMFORD,  CONN.,  2004 
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Finance/ 

insurance 


Retail/ 

wholesale 


telecom  WBimm 

Base:  417  software  decision-makers  at 
North  American  companies 


Sarbanes-Oxley 

Spending 

Percentage  of  firms  planning  to 
increase  spending  on  ERP  to  sup¬ 
port  Sarbanes-Oxley  Act  compli¬ 
ance  during  the  next  12  months: 


NO.  OF  EMPLOYEES 

Base:  454  publicly  traded  companies 
affected  by  Sarbanes-Oxley 


Beefing  Up  Bl 

Percentage  of  companies  by 
sector  that  plan  to  increase  de¬ 
ployment  of  business  intelligence 
during  the  next  12  months: 


Wireless  LAN  Plans 


Base:  479  infrastructure  decision-makers 
at  North  American  companies 


How  will  your  deployment  of 
WLANs  change  during 
the  next  12  months? 


"Don't  know 


Media/leisure/ 

entertainment 


Utilities/ 


QUICK  HITS 


CATHERINE  A.  TOMCZYK 


Time  to  Get 
Back  to  Basics 


CUTTING,  PASTING,  coloring  within  the 
lines,  playing  nicely,  telling  stories  and 
sharing  toys  are  skills  we  learned  in 
kindergarten.  I  am  still  amazed  that  these 
are  also  the  primary  skills  required  to  be 
a  good  project  manager. 

I  have  been  a  project  manager  since  the  beginning 
of  time.  That  means  back  in  the  days  when  critical 
paths  were  calculated  by  hand,  and  a  schedule  was 
printed  once  on  a  plotter  at  the  beginning  of  the  project 


and  markers  were  used  to 
note  updates  on  white  tape. 

Today  we  have  incredi¬ 
ble  software  that  easily 
identifies  critical  paths, 
prints  schedules  and  al¬ 
lows  the  project  manager 
to  play  with  unlimited 
“what  if”  scenarios.  Yet, 
even  with  the  new  and  im¬ 
proved  printers  and  soft¬ 
ware,  our  most  useful  skills 
are  still  those  we  learned 
in  kindergarten. 

Take  our  scissors,  tape 
and  glue  skills,  for  example.  We  print 
out  a  schedule,  cut  the  edges  off  the 
paper  and  tape  the  sixteen  8-by-ll 
pages  together  so  we  can  move  this 
scheduling  masterpiece  from  the  of¬ 
fice  floor  to  the  wall  of  the  project 
room  —  usually  in  another  building. 
Gluing  has  had  to  be  relearned  be¬ 
cause  the  modern  glue  stick  is  more 
like  gum  than  glue  and  it  takes  all 
night  to  harden.  Cubicles  don’t  have 
enough  floor  space  to  allow  for  the 
hardening  process,  so  we  drape  the 
schedule  over  the  cubicle  walls,  creat¬ 
ing  a  scheduling  tent. 

Color-coding  is  the  project  manag¬ 
er’s  primary  communication  tool.  We 
color-code  responsibilities  because 
people  can’t  find  their  names  in  the  re¬ 
source  column  to  update  their  status 


without  easy  visual  cues. 
When  facilitating  meetings, 
we  use  color  markers  to 
separate  ideas  for  the  visu¬ 
al  learners.  Even  our  proj¬ 
ect  status  dashboards  are 
color-coded.  After  all, 
“PAST  DUE”  does  not  send 
a  clear  enough  message,  so 
we  make  it  red,  with  “AT 
RISK”  in  yellow  and  “ON 
SCHEDULE”  in  green.  My 
project  room  looks  like  a 
Disney  art  studio  full  of 
color-coded  charts  and 
reports.  All  I  need  now  is  animation. 
Maybe  I  should  use  happy  bears  with 
green  balloons  when  we’re  on  sched¬ 
ule  and  rain  clouds  when  we  aren’t. 

All  project  managers  know  that 
meetings  are  essential,  and  they  need 
structure.  My  meeting  rules  mimic 
those  set  by  Robert  Fulghum  in  All  I 
Really  Need  to  Know  I  Learned  in 
Kindergarten  (Ballantine  Books,  1993): 
“Share  everything,  play  fair,  don’t  hit 
people  and  clean  up  your  own  mess. 

. . .”  I’ve  learned  not  to  assume  that 
adults  know  that  being  on  time  is 
courteous,  that  a  cell  phone  ringing 
during  a  meeting  is  rude  or  that  only 
one  person  should  speak  at  a  time.  I 
have  even  had  to  write  rules  remind¬ 
ing  people  that  physical  altercations 
are  not  acceptable.  Some  people  obvi- 


CATHERINE  A.  TOMCZYK  is  a 

project  manager  at  First 
Data  Corp.  in  Englewood, 
Colo.  Contact  her  at 

catherine.tomczyk® 

firstdatacorp.com. 


ously  failed  the  “play  well  with  oth¬ 
ers”  lesson. 

Telling  stories  is  at  the  heart  of  a 
project  manager’s  communication 
plan.  We  are  taught  that  reports  and 
charts  are  the  most  effective  commu¬ 
nication  tools,  but  oral  traditions  are 
what  really  build  productive  teams. 
People  want  you  to  tell  them  what  the 
documents  say,  in  easy-to-understand 
language.  If  you  can  add  clever  meta¬ 
phors,  that’s  even  better.  Illustrate  crit¬ 
icisms  with  meaningful  personal  sto¬ 
ries,  and  team  members  will  change 
their  behavior.  Verbally  paint  a  color¬ 
ful  picture  of  the  project  vision,  and 
the  team  will  jump  on  board  with  con¬ 
tagious  enthusiasm.  And  don’t  forget 
that  your  job  is  to  repeat  the  stories 
over  and  over  and  over  again. 

Sharing  is  the  project  manager’s 
mantra.  We  all  share  old  project  char¬ 
ters,  schedules  and  risk  lists.  After  all, 
take  a  turbine  overhaul  schedule  and 
replace  the  word  turbine  with  software 
and  it  almost  works.  Risks  about  ship¬ 
ping  or  traveling  in  winter  affect  all 
projects,  whether  they  involve  build¬ 
ing  computer  telephony  systems  or  in¬ 
stalling  medical  devices. 

We  all  remember  kindergarten 
for  daylong  playtime,  and  we  need 
to  remember  that  fun  is  still  what 
makes  the  days  enjoyable,  the  work 
pleasurable  and  the  learning  interest¬ 
ing.  The  agenda  for  every  workday 
should  include  fun. 

So  next  time  you’re  feeling  over¬ 
whelmed  by  the  complexity  of  a  proj¬ 
ect,  remember  that  the  skills  that  will 
get  you  through  are  the  ones  you  mas¬ 
tered  in  kindergarten.  ©  46626 

IN  THE  TRENCHES 

Learning  by  doing  beats  by-the-book  project 
management  any  day:  QuickLink  43736 


WANT  OUR  OPINION? 

OFor  more  columns  and  links  to  our  archives,  go  to 

www.computerworld.com/opinions 
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As  low  as 


$475 


pentium  Zf 


CYBERNET — 

Space  Saving  Technology 

For  product  specs  and  model  options  visit  us  at:  WWW.Cybemetni3n.C0ni, 

or.* TOLL  FREE  888-834-4577  International  949-477-0300 


Rid  of  the  PC  Box. 


The  PC  Box 


As  an  I.T.  Manager,  your  greatest  challenge  could 
be  where  to  put  that  big  PC  BOX!  Cybernet  has 
created  an  innovative,  all-in-one,  Zero-Footprint-PC. 
The  entire  PC  fits  inside  a  normal  size  keyboard! 
This  design  has  helped  many  businesses  nationwide 
to  save  valuable  space. 


An  entire  PC  inside  a  keyboard 

OPTIONS: 

Internal  slim  CDRW/DVD  •  Internal  floppy  •  Internal  fax  modem  •  DVI  (Digital  Video) 
Parallel  Port  •  TV-Out  (NTSC/PAL)  •  Plastic  Skin  Protector  •  LCD  Displays:  15",  17", 

18"  and  19"  (touch  screen  available)  •  Wireless  802.1  Ib/g  available 

Runs  all  Microsoft™  Windows  98/2K/XP/NT  operating  systems. 

U.  S.  Patent  Pending.  ©  2004,  Cybernet  Manufacturing,  Inc.  all  rights  reserved.  The 
Cybernet  logo  and  Zero-Footprint-PC  are  trademarks  of  Cybernet  Manufacturing,  Inc. 
Intel,  Intel  Inside,  Pentium,  Celeron  are  trademarks,  or  registered  trademarks  of  Intel 
Corporation,  or  its  subsidiaries  in  the  United  States  and  other  countries.  All  other  regis¬ 
tered  trademarks  are  property  of  their  respective  owners.  Prices  and  specifications  are 
subject  to  change  without  notice.  All  prices  are  excluding  tax  and  shipping.  ‘Monitor 
not  included. 


STANDARD  FEATURES: 

•  Intel®  Pentium®  4  Processor  up  to  2.80GHz/533  FSB 

•  128MB  DDR333  SDRAM  up  to  2GB 

•  40GB  IDE  7200  RPM  hard  drive,  up  to  any  size 

•  10/100  Ethernet,  4  USB  2.0,  2  IEEE1394  Firewire,  2  Serial  Ports 

•  2-Year  Limited  Warranty 

All  these  features  are  inside  the  keyboard! 
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it  careers.com 


enterprise  integration 
network  vulnerabilities 
corporate  data  security 
government  compliance 
mobile  &  wireless  security 
business  management  needs 


The  right  IT  professional 
can  jump  the  hurdles  of 
today’s  IT  challenges. 


Call: 

(800)  762-2977 


Software  Engineer  (Duncan, 
South  Carolina)  Under  supervi¬ 
sion,  build  and  design  software 
distribution  systems;  implement, 
test  systems  applications,  cus¬ 
tomize  software,  maintain  soft¬ 
ware  tables  and  develop  and 
extensions;  analyze  and  define 
business  requirements,  and  pro¬ 
vide  IT  solutions  for  business 
tasks;  conduct  systems  engi¬ 
neering  tests;  take  business 
requirements  and  translate  them 
into  technical  specifications;  lai- 
ise  with  colleagues  in  Germany 
concerning  work.  Reqs;  BS  in 
Comp  Sci,  Engineering  or  Math; 
6  mos  exp  in  position  or  six 
months  exp  as  programmer. 
Must  have  knowledge  of  Unix 
Shell  and  SQL  and  fluency  in 
German  40  hrs/week;  9-5, 
$40,000  p.  yr.  Send  letter  and 
resume  to:  Terri  Brennan,  Arvato 
Systems  NA,  Inc.,  1540 
Broadway,  New  York,  NY  10036. 


Seeking  qualified  applicants  for 
the  following  positions  in  Collier¬ 
ville,  TN:  Senior  Technical  Ana¬ 
lyst.  Research,  evaluate,  imple¬ 
ment  and  coordinate  changes  to 
computer  systems/applications. 
Requirements:  Bachelor's  de¬ 
gree  or  equivalent*  in  computer 
science,  math,  MIS,  computer 
information  systems,  engineer¬ 
ing  or  related  field  plus  5  years 
of  experience  in  systems/appli¬ 
cations  development,  including 
programming.  Experience  with 
systems  administration  using 
Solaris,  HPUX  and  LINUX  also 
required.  'Master's  degree  in 
appropriate  field  will  offset  2 
years  of  general  experience. 
Submit  resumes  to  Glenn  Geig¬ 
er,  FedEx  Corporate  Services, 
25  FedEx  Parkway,  Collierville, 
TN  38017.  EOE  M/F/D/V. 


Diveo,  a  leading  broadband  in¬ 
ternet  access  services  company, 
has  an  opening  for  Chief  Tech¬ 
nology  Officer  in  Fort  Lauder¬ 
dale,  Florida.  The  position  re¬ 
quires  a  bachelor  degree  or  for¬ 
eign  equivalent  in  telecommuni¬ 
cations,  electrical  engineering, 
or  closely  related  field  and  a 
minimum  of  eight  years  related 
experience.  Position  also  re¬ 
quires  related  experience  in 
fiber  optic  networks,  data  center 
building  and/or  management, 
and  leading  technology  teams  in 
Latin  America.  Please  forward 
resume  to:  Diveo,  Attention: 
Human  Resources,  Job  ID: 
112358,  One  Financial  Plaza, 
Suite  1700,  Fort  Lauderdale,  FL 
33394.  EOE.  No  Emails. 


Software  Developer,  Alpharetta: 
Design,  develop  &  test  s/ware 
applications  incl.  server  side 
development  using  J2EE,  Al 
techniques,  Java,  Struts,  Wind¬ 
ows,  UNIX,  XML,  graphics  pro¬ 
gramming,  RDB  &  JDBC. 
Develop  production  grade  sys¬ 
tems  using  advanced  graphics  & 
Al  technologies  in  Java-based 
enviro;  estimate  s/ware  lifecycle 
tasks;  repair  &  modify  programs. 
Req:  Bachelors  in  Comp.  Sci.+  2 
yrs.  exp.  in  job  offered  or  as 
S/ware  Dvlpr  w/exp.  developing 
production  grade  systems  using 
advanced  graphics  &  Artificial 
Intelligence  technologies  in  JAVA 
environment.  Mail  resume  to:  HR, 
Seldon  Systems,  705  Barnesley 
Lane,  Alpharetta,  GA  30022. 


Prog/Analysts  to  analyze  and 
develop  appls  using  OOAD, 
VC++,  C++,  ASP,  VB,  Java, 
XML,  XSL,  Jscript,  UML, 
HTML,  etc.  under  Windows/ 
UNIX  OS;  perform  initial  study 
of  req  and  provide  feedback; 
provide  on  site  maintenance 
support,  debug,  modify,  fine 
tune  and  perform  code  opti¬ 
mization.  Require:  BS  or  for¬ 
eign  equiv.  in  CS/Engg.(any 
branch)  &  2  yrs  of  exp.  in  ST. 
High  Salary.  Travel  Involved. 
F/T.  Resume  to:  HR,  Fourth 
Technologies,  Inc.,  585  Toll- 
gate  Road  Suite  I,  Elgin,  IL 
60123. 


Embedded  Software  Engineer  II: 
As  member  of  the  Platform  and 
Protocol  SW  team,  ESE  is 
responsible  for  gathering 
requirements,  developing  speci¬ 
fications,  design,  implementa¬ 
tion,  unit  testing,  integration,  and 
maintenance  of  embedded  soft¬ 
ware  on  a  Motorola  based  plat¬ 
form.  Daily  duties  include:  writ¬ 
ing  functional  specifications; 
decomposing  functional  specifi¬ 
cations  into  component  require¬ 
ments;  estimating  time-to-com- 
plete  based  on  the  requirements 
and  preliminary  design  informa¬ 
tion;  designing  components  that 
fit  in  the  current  architecture; 
and  maintenance  of  existing 
Platform  and  Protocol  firmware 
to  support  existing  and  future 
software  releases.  Daily  work 
with  the  TRxStream  and 
NetAccess  series  product  line, 
which  consists  of  PCI  and  cPCI 
voice,  IP  telephony,  fax,  telepho¬ 
ny  hardware,  embedded  soft¬ 
ware,  device  drivers,  APIs,  and 
various  signaling  and  data  proto¬ 
cols  such  as  SS7  and  ISDN. 
Min.  Reqs.:  BS/BA  (foreign 
equivalent  accepted)  in  CS,  IT, 
EE,  or  related  field  of  study  plus 
2  yrs  exp.  in  job  offered  or  2  yrs 
exp.  in  a  related  occupation 
designing,  developing  and  main¬ 
taining  embedded  platform  and 
protocol  software  development 
for  telecommunication  products. 
PLUS,  must  have  demonstrated 
experience  and  working  knowl¬ 
edge  of  the  following:  (1)  pro¬ 
gramming  skills  using  C/C++; 
(2)  Real-time  embedded  soft¬ 
ware  development  for  Motorola 
processor  based  telecom  prod¬ 
ucts;  (3)  SW  maintenance  and 
customer  support  for  telecom 
products;  and  (4)  PSTN  telepho¬ 
ny  technologies  and  protocols. 
Basic  pay  range  is  $55,000  to 
$70,000  per  year  FT  and  stan¬ 
dard  company  benefits.  EEO. 
Submit  2  resumes  and  respond 
to  Job  Order  No.  #2004-668,  PO 
Box  989,  Concord,  NH  03302- 
0989. 


COMPUTER  PROFESSION¬ 
ALS:  Radiant  Systems,  Inc.  a 
Nationwide  Technology  provider 
located  in  NJ.CT.TX  &  FL  req 
Professionals  w /  Hardware  &/or 
Software  skills  Incl:  C,  C++, 
Java,  JavaScript,  XML,  UML, 
Perl,  HTML,  SQL,  Pro*C,  VB, 
PB,  VC++,  MFC,  SDK,  Gupta- 
SQL,  Informix,  Crystal  Reports, 
Sybase,  Dev  2000,  Lotus  Notes, 
Unix,  Win  NT/95/XP,  RTOS,  Sun 
OS,  Help  Desk/PC-Support, 
SAP,  R/2-R/3,  ABAP/4,  SAP 
Scripts,  PeopleSoft,  IDMS, 
AS/400,  COBOL/CICS/DB2, 
MVS,  RPG/400,  SQA,  Win/Load 
Runner,  SNMP,  COBRA,  ASP, 
Active-X,  DTM/TDMA,  FDMA, 
Routers,  DSP/ATM,  FRAME 
RELAY,  TCP/IP,  ISDN,  DCOM, 
COM,  PL/1,  SAS,  Vx-Works, 
VHDL,  SONET/SDH,  SNMP,  HP 
OpenView,  Proj  Mgr, Tech 
Writers.  Candidates  w/a  BS(or 
equiv)  &  2yrs  exp.  as  P/A  and/or 
MS  (or  equiv)  &  1  yr  exp.  as  S/E. 
Travel  &  re!oc.,req.  to  anywhere 
in  USA  as  assigned.  Excel. 
Benefits.  E-Mail:  radiants@radi- 
ants.com  Attn:  H.R.  Dept.  109-A 
Corporate  Blvd.,  S.  Plainfield, 
NJ  07080. 


Sr.  Internal  Auditor.  Seeking 
qualified  applicants  for  the 
positions  of  Senior  Internal 
Auditor.  Position  requires  a 
B.S.  in  C.S  or  Computer 
Engineering,  plus  4  years 
experience  in  position,  sys¬ 
tems  analysis,  programming 
or  technical  systems  auditing. 
Please  forward  resume  to: 
BellSouth  Corporation,  Attn: 
Susan  Rodgers,  1155 
Peachtree  Street  N.E.,  Suite 
8F07,  Atlanta,  GA  30309. 
EOE 


IT  PROFESSIONALS 
Consultant 

(Glen  Mills,  Pennsylvania  and 
other  locations  through  the  U.S.) 
Responsible  for  leading  a  small 
team  of  developers  and  techni¬ 
cal  architects  on  large  Internet- 
based  application  engagements 
while  working  with  design  and 
requirement  specifications  to 
develop  the  desired  functionality 
using  web-based  technology 
tools  such  as  Java,  Java  2 
Enterprise  Edition  (J2EE),  Java 
Servlets,  JSP  and  JDBC  focus¬ 
ing  on  user-interface  (screens, 
navigation,  etc.)  component  of 
the  system.  Involved  in  develop¬ 
ment  and  testing  of  middleware 
architecture  utilizing  IBM  Web¬ 
Sphere  and  CORBA.  Participate 
in  planning  and  scoping  activi¬ 
ties  and  development  of  multiple 
application  development  techno¬ 
logies  and  information  technolo¬ 
gies  integration  and  implemen¬ 
tation  strategies  using  various 
tools  and  languages.  Design, 
build,  assemble  and  test  capa¬ 
bilities  for  software  that  may  be 
integrated  with  another  business 
package  or  application.  Coordin¬ 
ate  integration  of  client/server 
system  with  existing  mainframe 
applications  with  knowledge  of 
Java  development  on  main¬ 
frame  and  transaction  coordina¬ 
tors  such  as  CICS  (Customer  In¬ 
formation  Control  System).  Con¬ 
struct  detailed  system  design 
using  data  and  object  models. 
Define  technical  architecture  for 
proposed  solutions  and  involved 
in  the  overall  design  of  the  sys¬ 
tem.  Responsible  for  ensuring 
that  system  is  stable  and  func¬ 
tioning  efficiently;  diagnosing 
problems  or  issues  as  they 
arise;  ensuring  that  any  issues 
or  problems  are  resolved  in  a 
timely  manner. 

The  wage  offered  is  $75,780  per 
year.  The  work  schedule  is 
Monday-Friday,  9:00  am  to  5:00 
pm.  The  minimum  requirements 
are  as  follows:  Bachelor's 
degree  in  Computer  Science, 
Engineering  (any  type),  Math, 
Information  Systems  or  Busin¬ 
ess  Administration/Business  +  2 
years  of  experience  in  the  job 
offered  or  2  years  of  experience 
as  a  Systems  Analyst  or  Tech¬ 
nology  Intern.  Related  experi¬ 
ence  must  include  at  least  one 
year  of  experience  in  the  devel¬ 
opment  and  testing  of  middle¬ 
ware  architecture  such  as  IBM 
WebSphere  and  CORBA.  Posit¬ 
ion  also  requires  at  least  one 
year  of  experience  with  system 
integration  and  key  Java  2  and 
J2EE  elements  including  Java 
Servlets,  JSP,  JDBC,  Java  de¬ 
velopment  on  mainframe  and 
transaction  coordinators  such  as 
CICS  (Customer  Information 
Control  System). 

Please  send  your  resume,  refer¬ 
encing  Job  Order  Number  WEB 
420986  to  the:  PA  CareerLink, 
FLC  Unit,  235  West  Chelten  Av¬ 
enue,  Philadelphia,  PA.  19144. 
EOE. 


COMPUTER  PROFESSIONALS 
Opportunities  for: 

•  SYSTEMS/BUSINESS/ 
PROGRAMMER  ANALYSTS 

•  PROCESS  CAPABILITY 
ANALYST 

•  QC  ANALYST 
•WEB  ARCHITECTS/ 

DEVELOPERS 

•  SYSTEMS  ANALYSTS 

•  WEB  GRAPHIC  DESIGNERS 

•  NETWORK  ENGINEERS 

•  PROGRAMMER/ANALYSTS 

•  SOFTWARE  ENGINEERS 
SKILLS: 

•  COLD  FUSION  •  SPECTRA 

•  ORACLE  •  VISUAL  BASIC 

•  VISUAL  C++  •  SIEBEL  •  ASP 

•  COM,  DCOM  •  JSP  •  HTML 

•  JAVA,  JAVA  BEAN  •  EJB  JAVA 
SERVLETS  •  WEBSPHERE 

•  IBM  MQ  SERIES  •  XML, UML 

•  MTS  •  CLARIFY  •  PERL 

•  OBJECTPERL  •  SPYPERL 

•  SMALLTALK  •  PL/SQL 

•  VISUAL  AGE  •  COBOL,  SPL, 
UNIX 

Visit  our  website  @ 
www.computerhorizons.com 
Attractive  salaries  and  benefits. 
Please  forward  your  resume  to: 
H.R.  Mgr.,  Computer  Horizons 
Corp.,  49  Old  Bloomfield 
Avenue,  Mountain  Lakes,  New 
Jersey  07046-1495.  Call 
973-299-4000.  E-mail:  jobs@ 
computerhorizons.com.  An 
Equal  Opportunity  Employer  M/F. 


Consulting: 

Strategy  &  Operations 

Deloitte  Consulting  LLP  invites 
you  to  explore  a  dynamic  career 
in  Glen  Mills,  PA  and  throughout 
the  United  States.  A  consulting 
position  of  a  Strategy  &  Opera¬ 
tions  Manager  is  available  with 
experience  managing  consulting 
projects  from  conception  to  final 
delivery  for  multinational  compa¬ 
nies  in  the  Communications 
Industry,  specifically  in  the  areas 
of  Corporate  Strategy  and  Oper¬ 
ations  Excellence.  Use  cross¬ 
functional  skills  (Strategy,  Infor¬ 
mation  Technology,  Operations, 
Finance  and  Marketing)  and 
industry  specific  experience  to 
quickly  penetrate  clients  to  un¬ 
derstand  their  current  and  future 
needs.  Perform  business  review 
and  evaluation  including  re¬ 
search  of  industry  trends  and 
financial  analysis;  map  process¬ 
es  and  identify  improvement 
opportunities  for  quick  imple¬ 
mentation;  conduct  interviews 
and  facilitate  visioning  exercises 
with  executives;  write  compre¬ 
hensive  reports  for  clients'  sen¬ 
ior  management;  develop  short 
and  long-term  strategies  for 
clients.  Perform  the  role  of  mod¬ 
erator  between  technology  and 
business  teams.  Supervise  and 
manage  associates  and  provide 
directions  and  feedback  regard¬ 
ing  their  performance.  Manage 
quality  of  deliverables  and  finan¬ 
cial  performance  of  projects  and 
coordinate  collection  activities. 
Participate  in  business  develop¬ 
ment  activities  for  industry  target 
clients. 

Master's  degree  or  equivalent  in 
Computer  Science,  Math.  Engin¬ 
eering  (any),  Information  Sys¬ 
tems  or  Business  Administration 
and  at  least  5  years  of  experi¬ 
ence  in  the  job  offered  or  5  years 
of  experience  as  a  Manager 
(any),  Senior  Consultant,  Fi¬ 
nance  Associate  or  Related  is 
required.  At  least  three  years  of 
related  experience  working  with 
senior  management  in  multina¬ 
tional  companies  in  the  Com¬ 
munications  Industry  with  cross¬ 
functional  experience  in  Strat¬ 
egy,  Information  Technology, 
Operations,  Finance  and  Mar¬ 
keting  must  include  performing 
business  evaluations  (financial 
analysis  and  industry  research), 
identifying  and  implementing 
process  improvement  opportuni¬ 
ties,  writing  strategy  reports, 
development  of  short  and  long¬ 
term  strategic  plans,  supervision 
of  staff,  client  collection  activities 
and  developing  new  business 
opportunities. 

Travel  is  required  80%  of  the 
time  at  a  minimum.  Must  also  be 
willing  to  relocate  to  client  sites. 

Interested?  Please  submit  your 
resume  by  email  to  eazzaro@ 
deloitte.com. 

Deloitte  Consulting  LLP  is  an  e- 
qual  opportunity  firm.  We  recruit, 
employ,  train,  compensate  and 
promote  without  regard  to  race, 
religion,  creed,  color,  national 
origin,  age,  gender,  sexual  ori¬ 
entation,  marital  status,  disability 
or  veteran  status,  or  any  basis 
protected  by  applicable,  federal, 
state  or  local  law.  Copyright 
©2004  Deloitte  Development 
LLC.  All  rights  reserved. 


IS  Mgr.  to  d/zn  /maintain  net¬ 
works;  support  LAN,  WAN,  &  In¬ 
ternet  systems.  T/shoot  TCP/IP 
issues.  System  admin.  Of  NT/ 
Unix  systems.  Use  applns.  in 
Cognos  PowerHouse  by  Sun 
Solaris,  IBM  AIX,  MS  Win  NT, 
Rapid  Appln  Dev,  S/ware  Pro¬ 
gramming,  with  Object  Oriented 
analysis  &  d/zn  process.  Net¬ 
work  security  through  firewalls  & 
IDS.  Administer  email  servers 
running  MS  Xchange  &  qmail. 
Provide  expertise  on  disaster  re¬ 
covery  &  planning.  Admin  ser¬ 
vers  in  a  heterogeneous  env. 
running  Linux,  Windows,  Sun 
Solaris  &  HP-UX.  D/zn  high 
availability  clusters  on  various 
platforms  &  provide  max  uptime. 
Consult  customers  running  high- 
end  backoffice  env  like  AS400/ 
Unix  &  advise  best  options  for 
digital  copiers/printers.  D/base 
Admin,  for  MS  SQL  Server  &  DB 
Arch  for  prospect  tracking  ap¬ 
plns  using  .NET.  Comp.  Salary. 
MS  in  Comp.  Sci.  +1  yr.  exp.  in 
job  OR  1  yr.  exp.  in  Networks/ 
Database  Admin.  Apply:  The 
Stewart  Org.;  4000  Colonnade 
Pkwy,  Birmingham,  AL  35243 
with  proof  of  perm,  work  authzn. 
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IT  PROFESSIONALS 
Consultant 

(Glen  Mills,  Pennsylvania  and 
other  locations  through  the 
U.S.).  Involved  in  all  phases  of 
System  Development  Life  Cycle 
(SDLC)  using  IBM  Mainframe 
technologies  in  general  and 
COBOLII,  CICS  (Customer  Info¬ 
rmation  Control  System),  VS  AM 
(Virtual  Storage  Access  Method) 
and  DB2  in  specific.  Conduct 
user  requirements  and  design, 
develop  and  implement  online 
and  batch  programs  with  various 
levels  of  complexity.  Involved  in 
all  phases  of  SDLC  using  JAVA 
and  Power  Builder  providing  the 
conceptual  strategy  to  imple¬ 
ment  JAVA  /  Power  Builder  user 
views  with  COBOL  business 
modules.  Design  and  develop 
Use  Cases  to  execute  the  test¬ 
ing  of  JAVA  modules.  Member  of 
the  Joint  Application  Develop¬ 
ment  (JAD)  sessions  with  the 
development  teams  to  gather 
requirements  and  to  develop 
conceptual  design  of  user 
screens  utilizing  CICS/JAVA/ 
Power  Builder.  Involved  in  the 
design,  development  and  fine 
tuning  of  COBOL/PL/1  programs 
with  significant  DB2  SQL  ac¬ 
cess.  Utilizes  platinum  utilities 
for  DB2  to  tweak  the  perform¬ 
ance  of  DB2  SQL,  Administra¬ 
tion  and  Management  of  appli¬ 
cation  specific  DB2  tables. 
Develops  Ad-hoc  reports  and 
feed  files  for  the  external  and 
internal  agencies  using  DB2, 
Complex  SQL  and  TERADATA. 
Automates  processes  for  quick¬ 
er  turnaround  of  application  de¬ 
velopment  and  develops  tools  to 
execute  the  stream  of  jobs  using 
REXX  to  automate  the  testing 
activities.  Designs,  develops 
and  implements  JCL  (Job  Con¬ 
trol  Language)  jobs  to  execute 
batch  programs. 

WAGE:  $74, 752/year 

Hours  worked:  Monday-Friday 

9:00am-5:00pm 

MINIMUM  REQUIREMENTS: 
Bachelor’s  degree  in  Engineer¬ 
ing  (any  type).  Math,  Business 
Administration  or  Information 
Systems  +  3  years  exp.  in  the 
job  offered  or  3  years  exp.  as  a 
Senior  Consultant,  Consultant, 
Analyst  or  Module  Leader.  Re¬ 
lated  experience  must  also  in¬ 
clude  at  least  2  years  of:  VS 
COBOL  II,  CICS  (Customer  Info¬ 
rmation  Control  System),  VSAM, 
DB2/SQL,  PL/1,  JAVA,  Power 
Builder,  TERADATA,  REXX,  JCL 
(Job  Control  Language),  and 
Platinum  utilities  for  DB2. 

Please  send  your  resume,  refer¬ 
encing  Job  Order  Number  WEB 
420835  to  the:  Philadelphia  NW 
Careerlink,  FLC  Unit,  235  W. 
Chelten  Ave.,  Philadelphia,  PA 
19144.  EOE. 


Infomerica  is  looking  for  sys¬ 
tem/programmer  analysts,  soft¬ 
ware/project  engineers  &  com¬ 
puter  consultants  to  develop 
applications  using  Oracle,  SQL, 
DB2,  C/C++,  VB,  SAP,  Java, 
Infomix  etc.  Candidates  must 
have  BS/MS  with  IT  exp.  Send 
resumes  to  info@infomericainc 
.com  EOE. 

Cigniti  has  openings  for  System 
Analysts  or  Software  Engineers. 
Candidates  must  have  BS/MS 
with  experience.  Use  skills  such 
as  Java,  Cobol,  EJB,  ERP, 
Oracle,  SQL,  VB,  C/C++.  Travel 
may  be  required  for  some  jobs. 
Competitive  salary.  Please  apply 
at  info@cioniti.com.  No  calls. 
EOE. 


Sr.  Technical  Lead  Architect. 
Lead  team  of  3  or  more;  create 
data  models;  meet  with  business 
unit;  perform  high  end  develop¬ 
ment  in  a  Data  Warehouse,  C# 
Architecture  and  Web  Services 
environment;  Requirements: 
B.S.  degree  in  Electrical  Engin¬ 
eering,  Computer  Science  or  a 
related  field  PLUS  2  yrs.  exp.  in 
job  or  2  yrs.  as  Programmer/ 
Analyst  or  Developer  in  Data 
Warehousing,  Technical  Archi¬ 
tecture,  and  C  #  architecture. 
Send  CV  to  Elite  Computer 
Consultants  Attn.  Rod  Holtkamp, 
Address  10333  N.W.  Frwy,  Suite 
414  Houston,  TX  77092  Fax: 
713-686-9454. 


Senior  Architect  (Advisory  Sys¬ 
tems  Engineer):  Serve  as  team 
leader  in  the  design  and  imple¬ 
mentation  of  large-scale  busi¬ 
ness  systems  based  on  J2EE 
architecture;  responsible  for  net¬ 
work  and  distributed  program¬ 
ming  as  well  as  defining  the 
technical  architecture  of  infor¬ 
mation  services  facing  external 
customers  and  leveraging  exist¬ 
ing  telecom  vertical  services; 
provide  senior  management  with 
system  design  recommenda¬ 
tions  to  alternatives  in  confor¬ 
mance  with  corporate  architec¬ 
tural  guidelines  and  coordinating 
the  implementation  of  designs 
within  projected  time  frames; 
recommend  techniques  and 
methodologies  to  systems  per¬ 
sonnel  that  will  result  in 
improved  productivity  and  prod¬ 
uct  quality.  Requires  Masters 
degree  in  Comp  Science  or 
Math  plus  2  years  exp  in  the  job 
offered  or  2  years  exp  in  the 
design  and  implementation  of 
large-scale  business  systems 
based  on  J2EE  architecture, 
and  network  and  distributed  pro¬ 
gramming.  Salary  $103,000/yr, 
40  hrs/wk,  8AM-5PM,  Monday- 
Friday.  To  apply,  submit  two  (2) 
copies  of  resume  to:  Case  # 
200204084,  Division  of  Career 
Services,  Labor  Certification 
Unit,  19  Staniford  St,  1st  Fi., 
Boston,  MA  02114. 


Software  Engineer/ 
Technology  Analyst 

Min.  BS  in  Computer  Science, 
Physics,  Math  or  related  field. 

-  5  yrs  exp.  req.,  must  include  3 
yrs  of  exp.  in  business  process 
management,  project  manage¬ 
ment,  process  re-engineering. 
Six  Sigma  project  exp  required. 

-  Knowledge  of  multiple  tech¬ 
nologies  including:  UML  design, 
J2EE,  .NET,  XML/XSL,  SOAP, 
JavaScript,  Java,  VB,  VB.NET, 
C/C++,  C#,  Perl,  TCL,  CORBA, 
COM/DCOM,  PL/SQL,  Oracle/ 
SQL  Server. 

-  Proficient  in  interactive  TV 
technologies  including:  OpenTV 
SDK,  Seachange  VOD  manage¬ 
ment  systems,  DSM-CC  proto¬ 
col. 

Mail  only:  Steve  Winter,  Ergos, 
1717  St.  James  Place,  Suite 
320,  Houston,  TX  77056. 


Executive  Director  -  OEM  Ser¬ 
vers  and  Appliances  (with  Mas¬ 
ters  degree  and  3  years  experi¬ 
ence  or  Bachelors  degree  and  8 
years  of  experience)  -  Job  en¬ 
tails  and  requires  experience  in 
product  management,  sales  and 
marketing  management  of  rack- 
mount  servers;  designing  and 
developing  a  business  plan  and 
formulating  new  marketing  strat¬ 
egies;  designing  and  developing 
complete  line  of  rackmount  in¬ 
ternet  servers  and  appliance 
products;  creating  engineering 
designs  using  AutoCad  and 
designing  programs  using  C  and 
C++;  developing  and  maintain¬ 
ing  vendor  relationships;  devel¬ 
oping  relationships  with  open 
source  community  (Linux  and 
FreeBSD).  Relocation  within 
USA  Possible.  Attractive  com¬ 
pensation  package.  Send  resu¬ 
me  to  Norma  Huntington,  NCS 
Technologies,  Inc.,  9490  Innova¬ 
tion  Drive,  Manassas,  VA  20110. 


System  Administrators  to  install, 
maintain,  administer  Windows, 
Linux,  Solaris  OS;  install,  main¬ 
tain  Web/Mailing  Servers;  plan, 
maintain,  troubleshoot  LAN/ 
WAN;  maintain  backups  &  pro¬ 
vide  hardware/software  support 
for  users;  create,  update  user 
accounts;  evaluate  new/existing 
systems,  recommend  future  IT 
strategies.  Require:  BS  or  for¬ 
eign  equiv.  in  CS/Engineering 
(any  branch)  and  two  yrs  exp  in 
job  offered.  MS  of  foreign  equiv. 
in  one  of  the  above  fields  will  be 
accepted  in  lieu  of  BS  &  2  yrs 
exp.  F/T.  Travel  Involved.  High 
Salary.  Resumes  to:  HR,  Global 
IT  Solutions  USI,  Inc.,  600 
Stevens  Port  Drive,  Ste  125, 
Dakota  Dunes,  SD  57049. 


GIS  Consultant  sought  by  IT 
company  in  Denver,  CO  to  work 
in  Denver,  CO  &  other  unantici¬ 
pated  job  sites  in  the  US.  Design 
and  develop  in  Geographic 
Information  Systems  software 
applications  which  translate, 
analyze  and  visualize  spatial 
data.  The  applications  are  inde¬ 
pendent  of  computer  environ¬ 
ment,  across-platform,  and  often 
incorporate  relational  database 
management  systems.  Analyze 
requirements;  create  designs; 
code,  test,  debug,  implement 
and  modify  the  applications. 
Create  documentation.  Serve 
as  technical  manager  as  need¬ 
ed.  Utilize  Peri,  C,  SQL  and  pro¬ 
prietary  languages  and  tools  in 
designing  the  GIS  applications. 
Requires  Bachelor's  or  foreign 
equivalent  in  Geography  or 
Geographic  Information  Syst¬ 
ems;  1  yr  exp  designing  and 
developing  geographic  informa¬ 
tion  systems  software  applica¬ 
tions,  using  languages  including 
C  and  Perl.  8am-5pm,  M-F; 
$81, 600/year.  Respond  by 
resume  to  Employment  Prog¬ 
rams,  PO  Box  46547,  Denver, 
CO  80202  and  refer  to 
CQ5078731 


Quality  Assurance  &  IT  System 
Engineer:  Design  and  build 
installations  for  industrial 
automation  products  using 
Microsoft  Studio  C++,  Install 
Shield  and  DemoShield.  Man¬ 
age  Software  Source  Control 
Systems  and  Network  Adm¬ 
inistration.  Administration  and 
maintenance  of  company's  web 
server,  internet  domain,  e-mail 
system  and  ftp  site.  Requires: 
B.S.  in  CS,  Math  or  related  field 
and  five  years  experience  in  net¬ 
work  and  computer  systems 
administration.  Demonstrated 
knowledge  of  C,  C++,  and  IBM 
PC's.  40hrs/wk  (9:00  a.m.  to 
5:00  p.m.)  $92,833.00.00/yr. 
Send  two  resumes/responses 
to:  Case  Number  200204320, 
Labor  Exchange  Office,  19 
Staniford  Street,  1st  Floor, 
Boston,  MA  02114. 


Sr.  Prog  Analysts  to  manage 
teams  to  analyze,  design,  de¬ 
velop  appls  in  client  server/3-tier 
architecture  using  C,  C++,  Tux¬ 
edo,  Btrieve,  MQ  Series.Oracle, 
Sybase,  Socket  API,  COBOL, 
etc.  under  Windows,  Unix  OS; 
analyze  business  processes  to 
determine  reqs;  implement  ap¬ 
pls  and  perform  strategic  plan¬ 
ning/operations  support;  provide 
end  user  training.  Require  BS 
or  foreign  equiv.  in  CS/Engg. 
(any  branch)  &  3  yrs  exp.  in  IT. 
Competitive  salary,  F/T,  travel 
involved.  Resume  to  HR, 
Ordusion  Technologies,  Inc., 
3883  Rogers  Bridge  Road,  Suite 
504,  Duluth,  GA 


Paradigm  Infotech  is  looking  for 
programmer/system  analysts, 
DBA,  s/w  engineers.  Candidate 
must  have  BS/MS  with  experi¬ 
ence.  Good  skills  in  C/C++, 
Java,  Oracle,  WebLogic,  VB, 
HTML,  ERP  are  plus.  Traveling 
required  for  some  jobs.  Apply 
jobsffiparadiQminfotech.com. 

EOE.  No  call. 

OTS  (Object  Technology  Solu¬ 
tions)  has  multiple  openings  for 
IT  professionals  (software  engi¬ 
neers,  system/program  ana¬ 
lysts,  DBA,  etc)  to  design  and 
develop  applications  using  vari¬ 
ous  skills  such  as  VB,  Oracle, 
Java,  WebSphere,  SQL,  SAP. 
Req  MS/BS  with  exp.  Contact 
resumes@otsi-usa.com.  EOE. 


Financial  Systems 
Administrator 

To  maintain  the  company's  net¬ 
works  and  Internet  sys.,  imple¬ 
ment  network  security  measures 
to  protect  and  generate  the  com¬ 
pany's  financial  data  for  analy¬ 
sis,  design  and  maintain  the 
company's  English  and  Chinese 
website  and  update  online  insur¬ 
ance/investment  data  and 
quotes.  Req.  M.  S.  degree  in 
Comp.  Info.  Sys.  or  closely  relat¬ 
ed  field,  prof,  in  Access,  SQL, 
client-server  application  and 
working  knowledge  of  network 
info,  security.  40  hrs/wk.  Send 
resume  to  Corina  Chou,  5389-C 
New  P'tree  Rd.  Chambiee,  GA 
30341. 


Software  Engineer,  Systems  - 
research,  design,  develop,  im¬ 
plement  software  solutions  for 
clients  using  LabVIEW,  C,  C++, 
VB,  SQL  Server,  Database  con¬ 
nectivity,  PXI  modules,  etc. 
under  Windows  envir;  interact 
with  clients  to  write  system 
specs  and  perform  study,  analy¬ 
sis  and  design  of  systems  for 
automated  test  reqs;  provide 
on-site  implementation/technical 
support.  Require:  MS  or  foreign 
equiv.  in  CS/Engg.  (any  branch) 
&  lyr  exp  in  IT.  Competitive 
salary.  F/T.  Resume:  HR,  V  I 
Engineering,  Inc.,  37800  Hills 
Tech  Drive  Farmington  Hills,  Ml 
USA  48331. 


iKuni,  Inc.  currently  has  an 
opportunity  in  Palo  Alto, 
CA  for  a  Software  Engin¬ 
eer  (Artificial  Intelligence 
Engineer)  position.  Req's 
Ph.D.+  3  yrs.  of  exp. 
applying  Al  techniques  to 
real-time  games. 

You  may  send  a  resume  to 
iKuni,  Inc.  3400  Hiilview 
Ave,  Bldg.  5,  Palo  Alto,  CA 
94304. 
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Welcome  to  IT  Careers 

find  a  job  employers  features  &  tips 

find  a  job 

The  IT  Careers  Network  uses  the  power  of  The  Wall 
Street  Journal  s  CareerJoumal  jobs  database  to  bring 
you  the  largest  concentration  of  IT  jobs  available  Get 
e-mail  notifications  when  new  jobs  match  your 
search  criteria.  Post  an  online  resume  and  more 

•  search  jobs 

«  create  a  Job  Alert 

*  edit  a  Job  Alert 

•  post  a  resume 

♦  edit  your  resume 


features  &  tips 

Gather  the  best  IT  career- related  information 
features,  news  and  tips  from  some  of  the  best 
sources  m  the  industry  They  bnng  leaders  regular 
items  such  as  opinions  and  advice  from  industry 
experts,  special  packages  and  supplements  on 
career  trends,  salanes,  contracting,  hiring  and 
retention  issues 
•  Computet  world 


post  a  job 

Finding  the  right  IT  professionals  to  fill  your  available 
positions  can  be  a  challenging  and  time-consuming 
effort  IT  Careers  can  help  With  the  2  2  million 
unique  visitors  each  month,  the  online  seivices  that 
are  available  through  tT  Careers  is  a  smart  way  to 
deliver  and  job  posting. 

•  pest  jobs 

•  search  resumes 

•  become  a  Featured  Employer 

•  online  opportunities 


Looking  for  a 
new  IT  career? 

Explore  our 
huge  Jobs 
database 


i  careers 


advertiser  tools 


www.itcareers.com 


is  the  place  where  your 
fellow  readers  are  getting  a 
jump  on  even  more  of  the 
world's  best  jobs. 


Now  combined  with 
CareerJournal.com,  you  have 
more  jobs  to  choose  from. 

Stop  in  for  a  visit  and 
see  for  yourself  at: 

www.itcareers.com 
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NEED  TO  HIRE 
FAST? 

START  HERE 
FIRST! 


IT  Careers  and 
itcareers.com  reach  more 
than  2/3  of  all  US  IT 
workers  every  week.  If 
you  need  to  hire  top 
talent,  start  by  hiring 
us! 

Check  us  out  at: 
www.itcareers.com  or 
call:  (800)762-2977 


RESEARCH  PROGRAMMER 
University  of  Illinois  at  Chicago 

Administer  UNIX,  Windows  NT 
and  other  servers  used  for 
teaching;  programming;  provide 
instructional  technology  consult¬ 
ing  to  faculty;  help  develop  tech¬ 
nology-based  courses  and  teach 
computer  seminars  and  work¬ 
shops.  The  applicant  should 
have  a  Bachelor's  Degree  in 
Computer  Science  or  related 
field,  and  have  teaching  experi¬ 
ence.  The  successful  candidate 
should  have  two  years  of  com¬ 
bined  experience  in  Windows 
NT,  and  UNIX  system  adminis¬ 
tration,  Webmaster  experience, 
programming  in  HTML,  Peri  and 
C,  and  have  experience  in 
teaching,  course  development 
and  in  using  computer  and 
Internet  technology  in  education. 
Working  knowledge  of  Apache, 
IIS,  Tomcat,  Oracle,  PL/SQL, 
Transact-SQL  and  multimedia 
authoring  tools  are  a  plus. 
Please  submit  resume  by 
6/25/04  to  Mint  Simagrai, 
Academic  Computing  and 
Communications  Center,  1940 
W.  Taylor,  Room  124  (M/C  135), 
Chicago,  IL  60612.  UIC  is  an 
Affirmative  Action/Equal  Oppor¬ 
tunity  Employer. 


Systems  Analyst 

Analyze  existing  business  pro¬ 
cedures,  problems  to  evaluate 
effectiveness.  Analyze  user  re¬ 
quirement,  procedures  and  pro¬ 
blems  to  improve  existing  sys¬ 
tem.  Review  computer  system 
capabilities,  workflow,  schedul¬ 
ing  limitations.  Develop  full  test 
methodology  and  supporting 
testing  documentation  to  align 
with  existing  System  Develop¬ 
ment  Lifecycle  methodology. 
Develop  new  system  and  pre¬ 
pare  specifications  to  provide 
more  applications  to  meet  com¬ 
pany's  future  needs.  Prepare 
documentation  on  system  devel¬ 
oped  and  user's  manual.  Min¬ 
imum  requirements:  Associate’s 
degree  in  CS  or  related  or  equiv¬ 
alent  plus  2  years  experience. 
Please  mail  resume  to: 

The  Ballard  Group,  Inc. 

9450  Swan  Lake  Drive 

Granite  Bay,  CA  95746 


COMPUTER  System  Admin.: 
Install,  config.,  manage  HTTP, 
FTP,  SQL,  Mail  &  DNS  Ser¬ 
vers,  &  enterprise  messaging 
syst.  Develop  &  implement 
procedures  for  Web-related 
data  ctr.  syst.,  w/  applicable 
network  protocols.  Security 
measures  for  IS  &  networks, 
incl.  firewalls,  VPN  &  antivirus; 
monitoring  &  mgmt  tools. 
Oversee  database  &  meta¬ 
base  mgmt.  MS  Cert.  Profes¬ 
sional.  Respond  to  VP,  Opera¬ 
tions,  lntermedia.net,  Inc.,  800 
California  St.,  Ste.  200,  Moun¬ 
tain  View,  CA  94041. 


Systems  Analyst  for  IT 
Solutions  Co.,  in  Spring- 
field,  MO.  Send  resume 
to  Reynaldo  Collantes 
@  Technocrest  Sys¬ 
tems  Inc.,  3125  S. 
Pickwick  PI.,  Spring- 
field,  MO  65804. 


Computer  Network  Security 
Administrator.  Install,  con- 
fig.,  maintain  LAN,  WAN, 
Internet.  Plan,  coord.,  im¬ 
plement  network  &  internal 
data  security,  firewalls, 
VPNs.  Apply  EDI  protocols 
for  B2B.  Back-up  &  disaster 
recovery;  automate  IS  pro¬ 
cess.  B.S.  +  2  yrs.  exper. 
Send  resume  to  MIS  Mgr., 
Meiko  America,  Inc.,  2160 
E.  Dominguez  St.,  Long 
Beach,  CA  90810. 


Systems  Admins  to  plan,  design, 
install,  maintain  and  administer 
LAN/WAN  networks;  install,  con¬ 
figure  and  administer  Windows 
NT  Servers,  IIS  Servers,  SQL 
Servers;  maintain  backups  and 
provide  hardware/software  sup¬ 
port  for  users;  create  and  main¬ 
tain  user  accounts;  manage 
communication  systems  includ¬ 
ing  Mail  servers;  evaluate  new 
and  existing  systems  and  rec¬ 
ommend  future  IT  strategies. 
Require:  BS  of  foreign  equiv.  in 
CS/Engg.  (any  branch)  /Buss, 
with  2  yrs  exp.  in  Sys  Admin./ 
Sys.  Mgmt.  F/T.  Travel  Involved. 
High  Salary.  Resumes  to:  HR, 
Fourth  Technologies,  Inc.,  585 
Tollgate  Road,  Ste  I,  Elgin,  IL 
60123. 


Sr.  Prog.  Analysts  to  analyze, 
design,  develop  client  server/n- 
tier  appls  using  C,  C++,  Java, 
Perl,  HTML,  SQL  Server.  XML, 
ASP,  JSP,  Servlets.  EJB,  Web- 
logic,  Java  Scripts,  etc.  under 
Windows,  Unix  os;  tune  appls 
for  better  performance;  interact 
with  clients  and  end  users  for 
reqs  gathering,  analysis,  planing 
and  implementation;  perform 
debugging  and  modifications  of 
existing  software.  Require:  Ms 
or  foreign  equiv.  in  CS/Engg. 
(any  branch).  F/T.  competitive 
salary.  Travel  involved.  Resum¬ 
es  to:  HR,  Semafor  Technolo¬ 
gies,  Inc.,  3300,  Holcomb  Bridge 
Road,  Ste  212,  Norcross,  GA 
30092. 


Programmer  Analysts  to  ana¬ 
lyze,  design  s/w  appls  using 
SAP  R/3,  ABAP/4,  C,  C++, 
Java,  VB,  JSP,  JScript,  HTML 
on  UNIX/Windows  os;  gath¬ 
er/document  reqs  from  user 
community;  test/troubleshoot 
project  appl  code  according  to 
system  objectives.  Require  a 
B.S.  or  foreign  equiv  in  CS/ 
Engg  (any  branch)  with  2  yrs 
exp  in  IT.  High  salary.  F/T. 
Travel  involved.  Resume  to 
HR,  Smartsoft  International, 
Inc.,  3965,  Johns  Creek 
Court,  Suwanee,  GA  30024. 


Seeking  qualified  applicants  for 
the  following  positions  in  Collier¬ 
ville,  TN:  Senior  Programmer 
Analyst.  Formulate/define  func¬ 
tional  requirements  and  docu¬ 
mentation  based  on  accepted 
user  criteria.  Requirements:  Ba¬ 
chelor's  degree  or  equivalent*  in 
computer  science,  MIS,  engi¬ 
neering  or  related  field  plus  5 
years  of  experience  in  sys¬ 
tems/applications  development. 
Experience  with  Oracle  and 
UNIX  Scripting  also  required. 
‘Master's  degree  in  appropriate 
field  will  offset  2  years  of  gener¬ 
al  experience.  Submit  resumes 
to  Prashant  Tayade,  FedEx 
Corporate  Services,  30  FedEx 
Parkway,  HKA/TN,  Collierville, 
TN  38017-9623.  EOE  M/F/D/V. 


SBI  is  looking  for  the  following 
positions  for  its  offices  in 
Houston,  TX,  San  Francisco, 
CA,  Warren,  NJ,  Salt  Lake  City, 
UT  and  Portland,  OR:  Art 
Director,  Web  Designer, 
Programmer  Analysts,  Technical 
Architects,  Technical  Consul¬ 
tants,  Business  Strategists, 
Systems  Analysts,  Software 
Engineers,  Software  Deve¬ 
lopers,  SAP  Consultant, 
resumes  by  email  or  fax  only  to 
HR,  SBI  2825  East  Cottonwood 
Parkway,  Suite  480,  Salt  Lake 
City,  UT  84121: 

careers@sbiandcompany.com; 
Fax  (801)  733-3201. 


Sr.  Design  Engineer  -  Build  plat¬ 
form  h/w  &  system  architecture 
in  GSM/GPRS  smartphone. 
Multimedia  h/w  platform  design 
&  integration,  GSM  audio  signal 
processing  &  testing  &  routing 
DSP  audio  firmware,  modem  & 
application  h/w  test  cases  devel¬ 
opment  &  debugging.  Design  & 
integration  &  test  color  LCD  & 
digital  camera  &  audio  codec  in 
smartphone.  Masters  deg  in 
Comp  Sci,  Physics  or  Elec 
Engrg  reqd  +  1  yr  exp  in  job 
offered.  Send  resume  to 
Panasonic  Mobile,  1225 
Northbrook  Pkwy,  Suwanee,  GA 
30024,  Attn:  D.  Greer,  CA 


Engineer 

SOFTWARE  ENGINEER  VI  - 
WEB  TECHNOLOGY  -  (Walth¬ 
am,  MA)  Lead  the  research,  de¬ 
sign  &  development  of  computer 
software  systems  solutions.  Pro¬ 
vide  technical  expertise  &  ad¬ 
vice,  conceptualizing  &  creating 
technical  solutions  based  on  re¬ 
search  &  investigation  to  solve 
complex  problems  related  to  the 
design  &  deployment  of  high- 
tech  telecommunications  sys¬ 
tems.  Research  &  plan  architec¬ 
tural  designs  &  standards  used 
to  plan  &  guide  strategic  &  tacti¬ 
cal  telecommunications  activi¬ 
ties.  Translate  business  require¬ 
ments  &  processes  into  detailed 
strategic  designs  for  implemen¬ 
tation  by  software  engineers  & 
operations  personnel.  Develop 
&  direct,  as  well  as  serve  prima¬ 
ry  technical  lead  of  implementa¬ 
tion  phase  using  Solaris,  Win¬ 
dows  NT,  Java,  Visual  C++  and 
Unix.  Position  requires  a  Mas¬ 
ter's  Degree,  or  the  equivalent,  in 
Computer  Science  or  Computer 
Engineering  &  1  year  of  prior  ex¬ 
perience  in  the  job  offered  or  in 
the  related  occupation  of  Engin¬ 
eer,  Consultant  or  Programmer 
Analyst.  Employer  will  accept  a 
Bachelor's  Degree  plus  5  years 
of  progressive  post-Bachelor's 
experience  as  equivalent  to  a 
Master's  Degree  plus  1  year  of 
experience.  Progressive  experi¬ 
ence  must  include  experience 
with  Solaris,  Windows  NT,  Unix, 
Visual  C++,  Java.  $92, 840/year, 
plus  usual  corporate  benefits,  9 
AM  -  5  PM,  40  hrs/wk.  Mail  two 
copies  of  resume  to  Case 
#200204163,  Division  of  Career 
Services,  Labor  Certification 
Unit,  19  Stamford  Street,  1st 
Floor,  Boston,  MA  02114.  Must 
have  proof  of  legal  authorization 
to  work  in  the  United  States. 


Software  Engineers  to  design, 
develop,  maintain  appls  using 
OOAD,  Java,  XML,  JSP,  Java¬ 
Script,  HTML,  JDBC,  EJB,  JFC, 
Java  beans,  CORBA,  Weblogic, 
RationalRose  etc;  perform  reqs/ 
problem  analysis,  solution  de¬ 
sign,  implementation,  documen¬ 
tation  on  developed  appls;  pro¬ 
vide  training  and  user  support 
for  appls;  study/evaluate  new 
tech.  &  methodologies;  perform 
project  planning,  time/cost  sche¬ 
duling.  Require:  MS  or  foreign 
equiv.  in  CS/Information  sys- 
tems/Engg.(any  branch)/  &  1  yr 
exp.  in  IT.  Comp,  salary,  f/t. 
travel  involved.  Send  Resumes 
to:  HR,  Opal  Soft,  Inc.  3150 
Almaden  Expwy  Ste  205,  San 
Jose,  CA  95118. 


VeriSign,  Inc. 

has  an  opening  for  a  Senior 
Manager  (Info  Systems)  in 
their  Mt.  View,  CA  office  to 
direct  west  coast  information 
systems  operation.  Position 
requires  a  Bachelor's  degree 
in  electronics  engineering  or 
related  field  plus  3  yrs  of 
professional  exp.  in  the  job 
offered  or  with  network 
engineering  management.  To 
apply,  send  resumes  to:  M. 
LaFever  c/o  VeriSign,  487  E. 
Middlefield  Rd,  Mt.  View, 
CA,  94043,  and  reference  job 
PH.  EOE/ AAP. 


CBT  Nuggets 

(888)  507-6283  &  (541)  284-5522 
www.cbtnuggets.com 
Affordable  training  videos  on  CD 
MCSE,  MCDBA,  MCSD,  CCNA, 
Citrix,  Linux,  A+,  Net  + 


IPexpert,  Inc. 

(866)  225-8064 

www.ipexpert.com 

CCIE  (R&S,  SEC,  and  C&S),  CCSP, 

CCNP,  CCNA,  IP  Telephony 


IT  Education  &  Training  Directory 

Contact  the  companies  listed  below 
to  help  you  with  your  training  needs! 
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Elster  Electricity,  LLC,  a  world- 
class  provider  of  advanced 
electricity  metering  products, 
communication  solutions  and 
metering  automation  systems, 
is  looking  for  a  Embedded 
Firmware  Engineer  in  our  Ral¬ 
eigh,  NC  facility.  The  candidate 
will  design,  develop,  implement 
and  maintain  embedded  firm¬ 
ware  for  complex,  high-function, 
solid-state  electricity  meters 
and  intelligent  option  boards  in 
C  and  Assembler  using  various 
microcontrollers.  The  position 
requires  a  Master's  degree  in 
Computer  Science,  Electrical 
Engineering  or  related  field  of 
study  and  2  years  experience 
including  experience  develop¬ 
ing  embedded  firmware  in  C 
and  assembly  language  for 
electricity  meters  using  H8, 
M16C,  and  M3822x  microcon¬ 
trollers  and  implementing  ANSI 
protocols.  In  addition,  the  fol¬ 
lowing  experience  is  highly 
desirable:  working  knowledge 
of  ANSI  standard  meter  proto¬ 
cols  (C12.18,  C12.19,  C12.21); 
serial  communications  via  I2C, 
SPI,  RS-232,  RS-485;  modem 
communications  using  Si2400 
modem  chipset;  CMX  real-time 
operating  system.  We  offer 
competitive  salaries,  yearly 
bonus  eligibility,  and  benefits, 
including  medical  coverage, 
pension  plan,  401  (k)  plan,  paid 
tuition  reimbursement,  vacation 
and  12  paid  holidays.  Please 
send  your  resume  to:  Elster 
Electricity,  LLC,  208  S.  Rogers 
Lane,  Raleigh,  NC  27610,  Hum¬ 
an  Resources/PS,  Fax:  919- 
882-5906,  Raleigh. Staffing@ 
us.elster.com.  Visit  our  website 
at:  www.elsterelectricity.com. 
EOE. 


ADVANSOFT  INC.:  A  full  life 
cycle  C/S  software  consulting 
co.  has  multiple  Programmer 
Analyst  positions  available  for 
the  following  projects: 

REF#FX001 :  Business 

Systems:  Must  have  verifiable 
prof.  exp.  using  Java,  C++,  VB, 
JSP,  XML  and  weblogic  applica¬ 
tion  server.  Applicants  must 
have  a  BS  in  CS,  MIS  or 
Business  rel.  plus  2  yrs.  exp.  or 
2  yrs.  sys  analysis/prog  rel.  exp. 

REF#FX002:  C/C  &  Web  Apps: 
must  have  verifiable  prof.  exp. 
using  XML,  JSP,  HTML,  Java, 
Servlets,  EJB,  J2EE.  Applicants 
must  have  3  years  college  study 
in  CS,  Eng'g  or  App.  Sci  rel.  plus 
2  yrs  exp.  or  2  yrs  prog/analysis 
rel.  exp. 

Must  include  on  resume  the  job 
ref  #  that  you  are  applying. 
Multiple  job  sites,  may  change  to 
other  sites  throughout  US  as 
req.  Send  resume  to  Advansoft, 
1807,  Carriage  Court,  Addison, 
IL  60101.  Legal  right  to  work  in 
the  US  must  be  stated. 


Programmer/Analyst:  Gather 
user  requirements  and  perform 
systems  analysis.  Design  and 
develop  applications  and  data¬ 
base  under  close  supervision. 
Will  assist  in  the  implementa¬ 
tion  of  applications  and  prepar¬ 
ing  documentation  including 
user  manuals.  Will  work  with 
related  computer  programming. 
Conduct  user  demonstrations 
and  training.  Experience  to 
include:  Tools  to  include:  RPG 
III/! V,  SQL/400  and  Visual  Basic. 
Database  include:  DB2,  SQL 
Server  and  MS  Access. 
Bachelors'  degree  or  foreign 
equiv.  In  Comp.  Sci.,  Maths, 
Physics  or  Engineering  (any 
branch)  6  mths  exp  in  job 
offered  or  6  mths  in  a  relat¬ 
ed  occup.,  as  a  Consultant 
(Software.)  Salary:  $61,650.00/ 
year.  Hrs  of  work:  40  per  week 
Job  and  interview  site:  Boston 
MA.  Send  this  ad  and  two  (2) 
copies  of  your  resume  to: 
Case  #  200204575  Division 
of  Career  Services,  Labor 
Certification  Unit,  19  Staniford 
Street.  1st.  FI.  Boston,  MA 
02114. 


DynPro.  Inc.,  a  leading  IT 
Consulting  firm  headquartered 
in  Durham,  NC,  is  seeking  qual¬ 
ified  computer  professionals 
with: 

*  Websphere,  Net.Commerce, 
Net. Data 

*JAVA,  JavaScript,  RMI,  Swing, 
ASP,  HTML.  XML 

*  CGI  scripting-Perl,  Shell,  Korn 

*  C++,  OOS,  OOP,  Visual  Basic, 
visual  C++ 

*  SQL  Server,  DB2,  Oracle, 

QMF 

*  Win  NT  and  UNIX  administra¬ 
tion,  AIX 

*  ABAP/4  programming 

*  SAP-SD,  SM,  MM,  PP.  PI.  WM, 
QM,  PM,  FI-CO,  HR,  BIW, 
CRM  Functional  Consultants 

*  Lotus  Notes,  Crossworld 

*  JD  Edwards  Consulting  and 
tools 

All  positions  require  MS/BS 
degree  with  1  or  2  years  of  expe¬ 
rience  in  the  field  and  willing¬ 
ness  to  travel  to  client  sites 
throughout  the  USA.  Please  e- 
mail  resumes  to: 
mplueddemann@dynpro.com 
EOE 


Director,  Managed  Solutions 
Practice-Meet  w  /  reps,  of 
prospective  client  to  analyze 
client  needs.  Propose  project  & 
pricing,  utilizing  on-shore  &  off¬ 
shore  teams.  Plan  &  manage 
project  deadlines  &  budget.  Act 
as  liaison  between  client,  on-site 
&  offshore  team.  Responsible 
for  successful  implementation  & 
customer  satisfaction.  Bach¬ 
elor’s  degree  or  foreign  equiv. 
Degree  must  be  in  Comp.  Sci., 
Eng.,  Business  or  related  field. 
Must  have  2  yrs  project  man¬ 
agement  or  related  exp.  The  2 
yrs  exp  must  include  1  yr  project 
coordination/oversight  for  pro¬ 
ject  requiring  on-site  &  offshore 
teams.  $79,278/yr,  40  hrs/wk. 
EEO/AAP/M/F/V/H  Submit  res¬ 
umes  to  BECS/  CareerLink 
Program  Supervisor,  Indiana 
County  CareerLink,  300  Indian 
Springs  Rd,  Indiana,  PA  15701 
Job  Order  No.  WEB419603 


Software  Engineer-Develop, 
create,  modify  computer  syst / 
apps  software  &  specialized  util¬ 
ity  programs.  Analyze  &  design 
databases  within  an  application 
area.  Analyze  user  needs  & 
develop  software  solutions  using 
Internet  Applications  &  Internet 
Software.  Bachelor's  degree  or 
foreign  equiv.  Will  accept  3  yrs 
undergrad  study  &  3  yrs  exp  as 
a  computer  professional  in  lieu 
of  Bachelors  degree.  Degree 
must  be  in  CS/CA,  Eng,  Math, 
Chemistry,  Physics,  scientific/ 
business  related  or  social  sci 
field.  Must  have  1  yr  exp  using 
HTML,  Java,  Oracle,  Unix  & 
Websphere.  Extensive  travel  & 
frequent  relocation  required. 
$66,800/yr,  40  hrs/wk  EEO/AAP/ 
M/F/V/H  Submit  resumes  to  Site 
Manager,  Armstrong  County 
CareerLink,  1270  N  Water  St, 
PO  Box  759,  Kittanning,  PA 
16201-0759  Job  Order  No. 
419589 


Sr.  Software  Engineer  to  design, 
develop,  test,  implement  and 
support  web  based  and 
client/server  applications  using 
.NET,  Visual  Basic,  Internet 
Information  Server,  MS  SQL 
Server,  Oracle,  ASP,  JavaScript, 
VBScript  on  Unix  and  Windows 
Platform.  Require:  BS  Degree  in 
Science/Engineering  or  a  close¬ 
ly  related  field  with  5  years  of 
progressively  responsible  expe¬ 
rience  in  the  Job  offered  or  in  the 
related  occupation  of  Progra¬ 
mmer/Analyst.  Extensive  travel 
on  assignments  to  various  client 
sites  within  the  US  is  required. 
Competitive  Salary  offered. 
Apply  by  resume  to  :  Ravi 
Kandimalla,  President,  Everest 
Computers,  Inc.  875  Old 
Roswell  Lakes  Road,  Suite  E 
400  Roswell  GA  30076.  Attn: 
Job:  KV 
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Search  for  jobs  and 
post  your  resume  on 
itcareers.com  or  call 

(800)  762-2977 
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Check  out  our  jobs 
in  the  combined 
CareerJournal.com 
database. 


www.itcareers.com 


Computers 

Arxan  Technologies  (San  Fran¬ 
cisco,  CA),  developer  of  soft¬ 
ware  security  products  seeks 
Chief  Software  Architect.  Must 
have  MS  in  Comp.Sci  or  Comp. 
Eng  and  5  years  of  related 
experience.  Experience  must 
include:  4  years  exp  w/R&D  in 
advanced  anti-tamper  software 
(incl.  code  obfuscation  and  ac¬ 
tive  defense  tech);  3  years  exp 
w/design  &  building  advanced 
program  analysis  &  instrumen¬ 
tation  tools  at  binary  level;  3 
years  exp  w/  object/executable 
file  formats  (PE/COFF/ELF) 
and  linker  operations.  Send 
resume  to:  arch-jobs@arxan 
.com.  EOE 


can  rind  a 


better 


with  one  hand 


behind  your 


Just  point  your  mouse 
to  the  world’s  best 
IT  careers  site, 
powered  by 
CareerJournal.com 

Check  us  out  at: 
www.itcareers.com 

or  call 

(800)  762-2977 


Systems  Architect 
DUTIES:  This  is  a  full-time  posi¬ 
tion  paying  $88,000  per  year. 
The  System  Architect  develops, 
designs,  and  delivers  technical 
systems  that  meet  customer's 
requirements.  Meets  with  clients 
to  obtain  their  technical  and 
business  requirements.  Devel¬ 
ops  and  delivers  the  system 
architectural  design  document. 
Selects  tools  and  technologies 
for  system  development  and  de¬ 
ployment.  Manages  the  techni¬ 
cal  risks  of  the  design.  Produces 
plans  for  the  completion  of  pro¬ 
jects.  Determines  required  skill 
sets  based  on  design  and  tools. 
Designs  and  develops  complex 
prototypes  and  system  compo¬ 
nents.  Presents  and  defends 
architectural  design  to  clients 
and  staff.  Supervises  technical 
team  members.  Communicates 
and  resolves  technical  issues. 
MINIMUM  REQUIREMENTS:  A 
B.S.  in  Computer  Science,  Math 
or  Engineering  (or  foreign  equiv¬ 
alent),  plus  5  years  of  Software 
Engineering  or  Development  ex¬ 
perience. 

A  minimum  of  5  years: 

"  MS  Windows  Client/Server  De¬ 
velopment  Experience  (with  at 
least  two  years  of  experience 
with  all  of  the  following:  Visual 
Basic;  Java/J2EE;  Powerbuild- 
er;  and  C,  or  C#,  or  C++) 

*  Relational  database  experi¬ 
ence  (with  at  least  three  years 
of  experience  with  all  of  the  fol¬ 
lowing:  Oracle,  Microsoft  SQL 
Server,  and  DB2) 

*  UNIX  experience  (with  at  least 
one  year  of  experience  with  all 
of  the  following:  Solaris,  AIX, 
Dynix/PTX,  MP-RAS) 

A  minimum  of  3  years: 

*  Web  development  experience 
including  all  of  the  following  en¬ 
vironments:  HTML,  Javascript, 
IIS,  Apache,  ASP,  ASPNet, 
and  JSP 

■  XML  technologies  experience 
including  all  of  the  following 
environments:  XML,  XSL, 

XSLT,  XPATH,  JDOM,  MSXML, 
and  SAX 

'  Experience  using  MOM  (Mes¬ 
sage  Orientated  Middleware), 
including  both:  MQ-Series  and 
MSMQ 

■  Experience  BEA  Weblogic  and 
IBM  Websphere 

*  Object  Orientated  Analysis  ex¬ 
perience  using  UML 

The  following  are  also  required: 

*  Knowledge  of  the  Insurance  In¬ 
dustry  with  proven  experience 
building  insurance  solutions 

*  Experience  in  Internet  consult¬ 
ing  or  technology  solutions 

*  Experience  in  a  technical  lead¬ 
ership  role 

Applicants  should  submit  two 
copies  of  their  resumes  to: 

Jay  Watson,  Staffing  Manager 
Job  Order  #2004-002 
P.O.  Box  989 
Concord,  NH  03302-0989 


Software  Engineers 
Design,  build,  customize 
and  monitor  software  sys¬ 
tems  upon  evaluation  of 
user  needs.  Related 
Bachelor's  Degree  required 
(or  functional  US  equiva¬ 
lent)  plus  2  yrs  minimum 
experience  in  job  offered  or 
IT  industry.  Competitive 
Salary.  Full  Time  Roving 
worksites  throughout  US. 
Mail  resume  to  ECS,  HR 
Department  -  2875  NE  191 
Street  #701  Aventura,  FL 
33180. 


Programmer/Analyst  to  ana¬ 
lyze,  design,  develop,  test  and 
document  computer  Software 
programs  for  various  business 
applications  using  Oracle, 
PL/SQL,  Datastage,  Erwin 
under  Unix  and  Platform. 
Require:  BS  Degree  in  Science/ 
Engineering  or  a  closely  related 
field  with  2  years  of  relevant 
experience  in  the  Job  offered. 
Extensive  travel  on  assignments 
to  various  client  sites  within  the 
US  is  required.  Competitive 
Salary  offered.  Apply  by  resume 
to  :  Ravi  Kandimalia,  President, 
Everest  Computers,  Inc.  875 
Old  Roswell  Lakes  Road,  Suite 
E  400  Roswell  GA  30076.  Attn: 
Job:  AG 


Computerworld 


Powerful  Minds 
Attract 


Looking  for  a  career  on  the  cutting  edge  of  technology?  This  is  the  place.  People 
here  love  their  work  because  they  get  to  think  big  and  dream  big.  Combine  your 
proven  skills  with  our  resources  —  and  really  take  off. 


Microsoft,  Microsoft  Business  Solutions,  and  FRx  have  the  following 
opportunities  available: 

•  Redmond,  WA 

Software  Engineers,  Program  Managers,  Support  Engineers,  Systems 
Analysts  and  Consultants,  Business  and  Financial  Analysts,  Auditors  and 
Accountants,  Business  Development  Managers,  Directors,  Instructional 
Designers,  Marketing  Managers,  Product  Designers,  Product  Managers, 
Network  Engineers,  Technical  Writers  and  Editors,  Technology  Specialists, 
Systems  Engineers,  HR  Managers,  and  Software  Localization  Engineers. 

•  Atlanta,  GA 

Support  Engineers 

•  Charlotte,  NC 

Software  Engineers,  Support  Engineers 

•  Denver,  CO 

Software  Engineers  -  FRx  Software 

•  Fargo,  ND 

Software  Engineers 

•  Ft.  Lauderdale,  FL 

LATAM  MBS  Practice  Manager,  Financial  Services  Manager,  Program 
Managers,  Business  Marketing  Officers  LATAM,  and  Quality  Assurance 
Managers. 

•  Irving/Las  Colinas,  TX 

Support  Engineers,  Support  Professionals,  Developer  Support  Engineers, 
Solution  Integration  Engineers,  Escalation  Engineers,  Application 
Development  Consultant,  Technical  Leads,  Partner  Technical  Leads,  and 
Consultants. 

•  Malvern,  PA 

Financial  Analyst,  Marketing  Manager 

•  Mountain  View,  CA 

Software  Engineers,  Web  Design  Engineers,  Program  Managers, 
Hardware/Electronic/Design  Engineers 

•  Reno,  NV 

Product  Managers,  Contract  Management  Revenue  Analyst 

To  submit  your  resume,  please  visit  our  website  at  http://www.microsoft.com/careers 
or  mail  your  resume  to  Microsoft  Corporation,  Attn:  Microsoft  Staffing  -  A41, 

One  Microsoft  Way,  Redmond,  WA  98052.  Microsoft  offers  an  excellent  benefits 
package  to  full-time  employees  including  medical,  dental,  vacation,  employee  stock 
purchase  plan,  and  401(k).  All  part  of  our  commitment  to  our  most  important  asset  — 
our  employees.  Please  visit  our  company  website  for  more  details. 


microsoft.com/careers 


©2004  Microsoft  Corporation.  All  rights  reserved.  Microsoft  is  a  registered  trademark  of  the  Microsoft  Corporation  in  the 
United  States  and/or  other  countries.  Microsoft  is  an  equal  opportunity  employer  and  supports  workplace  diversity. 
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How  to  Contact 

COMPUTERWORLD 

We  invite  readers  to  call  or  write  with  their  comments 
and  ideas.  It  is  best  to  submit  ideas  to  one  of  the  department 
editors  and  the  appropriate  beat  reporter. 


Maryfran  Johnson, 

editor  in  chief 
(508)820-8179 

DEPARTMENT 

EDITORS 

Don  Tennant,  News  editor . (508)  620-7714 

Craig  Stedman,  assistant  News  editor . (508)  820-8120 

Mitch  Betts,  Features  editor . (301)  262-8243 

Tommy  Peterson,  Technology  editor . (508)  620-7729 

Kathleen  Melymuka,  Management  editor . (508)  820-8118 

REPORTERS 

Bob  Brewin,  mobile  computing/wireless:  Intel  PCs 

and  servers;  health  care . (505)  425-3551 

Matt  Hamblen,  networking:  network  systems  management; 
e-commerce;  CA. . (508)  820-8567 

Thomas  Hoffman,  information  economics;  IT 

investment  and  management  issues;  careers/labor . (845)  988-9630 

Lucas  Mearian,  financial  services;  storage: 

IT  management . (508)  820-8215 

Linda  Rosencrance,  general  assignment; 

transportation/carriers . (508)  628-4734 

Carol  Sliwa,  Microsoft;  Web  services  technologies: 

application  development;  retail  industry . (508)  628-4731 

Marc  L.  Songini,  ERP;  supply  chain;  CRM;  databases; 

data  warehousing;  EAI . (508)  820-8182 

Patrick  Thibodeau,  enterprise  systems;  outsourcing  and 
immigration  issues;  corporate  antitrust  issues . (202)  333-2448 


Dan  Varton,  federal/state  government:  legislation; 
critical-infrastructure  security:  travel . (703)  321-2277 
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Army _ 

Fairfax,  Va. -based  Premier 
Technology  Group  Inc.  but 
was  transferred  to  Arlington, 
Va.-based  CACI  International 
Inc.  last  year  when  that  com¬ 
pany  acquired  Premier  Tech¬ 
nology  Group. 

Frank  Quimby,  a  spokesman 
for  the  Interior  Department, 
said  all  existing  delivery  or¬ 
ders  under  the  contract  will  be 
fulfilled.  New  requests  for  ser¬ 
vices  under  the  pact,  however, 
will  be  denied  until  a  review  is 
completed,  he  said. 

“This  is  not  a  criminal  in¬ 
vestigation;  it  is  a  manage¬ 
ment  review  and  audit  to  see 
if  all  of  the  rules  and  regula¬ 
tions  were  followed  and 
whether  this  was  an  inappro¬ 
priate  contract  vehicle  to  pro¬ 
vide  these  [interrogation]  ser¬ 
vices,”  he  said. 

According  to  Quimby,  con¬ 
tracting  officers  are  responsi¬ 
ble  for  determining  whether 
the  services  sought  fit  within 
the  scope  of  work  defined  in 
the  contract.  “In  this  case,  the 
contracting  officer  determined 
that  the  interrogators  would  be 
using  the  IT  equipment  pro¬ 


vided  by  the  contract  by  enter¬ 
ing  information  into  databases, 
analyzing  the  information  col¬ 
lected  using  IT  software  and 
disseminating  the  intelligence 
to  other  military  commands 
using  the  IT  systems,”  he  said. 

Quimby  added  that  existing 
rules  set  by  the  U.S.  General 
Services  Administration  justi¬ 
fy  the  contracting  officer’s  use 
of  the  IT  contract  for  the  in¬ 
terrogator  services.  However, 
he  acknowledged  that  there 
are  “obvious  questions  about 
the  processes,  contract  and 
decisions  that  were  made.” 

‘Cutting  Corners’ 

So  far,  81  orders  have  been  is¬ 
sued  under  the  contract,  total¬ 
ing  $132  million.  However, 
only  11  of  those  orders  involve 
work  being  performed  in  Iraq, 
and  they  cover  a  wide  variety 
of  services.  Only  three  of 
those  11  Iraq-related  orders 
have  dealt  specifically  with  in¬ 
terrogation  or  intelligence 
work,  and  only  two  deal  with 
intelligence  personnel  at  the 
Abu  Ghraib  prison. 

Robert  Nichols,  an  attorney 
at  Piper  Rudnick  LLP  in  Wash¬ 
ington  and  a  member  of  the 
law  firm’s  homeland  security 
practice  and  Iraq  reconstruc- 


IT  Contract  Abuse  Is  Nothing  New 


The  Pentagon’s  inspector  gen¬ 
eral  has  documented  a  long 
history  of  IT  contract  misman¬ 
agement  and  misuse.  In  a  re¬ 
port  issued  last  October,  the  16 
found  that  98  out  of  113  con¬ 
tracts  valued  at  $17.8  billion 
failed  to  use  historical  informa¬ 
tion  to  define  requirements, 
resulted  in  questionable  sole- 
source  awards,  relied  on  inade¬ 
quate  data  to  determine  price 
reasonableness,  and  were  not 
subject  to  adequate  oversight. 

In  another  audit  conducted 
in  June  2003,  the  16  discov¬ 


ered  that  at  the  National  Im¬ 
agery  and  Mapping  Agency,  85 
out  of  86  contract  actions  total¬ 
ing  $247  million  had  serious 
problems,  including  missing  or 
inadequate  justifications.  And 
as  far  back  as  1995,  the  16  dis¬ 
covered  that  the  Defense  Infor¬ 
mation  Systems  Agency,  the 
Pentagon's  network  provider, 
improperly  used  an  IT  contract 
valued  at  $200  million,  result¬ 
ing  in  excessive  prices,  windfall 
profits  for  contractors  and  cir¬ 
cumvention  of  competition. 

-Dan  Verton 


tion  task  force,  said  federal  IT 
contracts  often  provide  a  lot 
of  latitude  in  defining  the 
scope  of  work.  In  addition, 
there  have  been  widespread 
instances  where  the  govern¬ 
ment  has  gone  beyond  the 
scope  of  work  to  include  non- 
IT-related  services  in  IT  con¬ 
tracts,  he  said.  “In  the  context 
of  Iraq,  there’s  such  a  hurry  to 
get  things  done  that  there  is  a 
lot  of  cutting  corners  taking 
place,”  said  Nichols. 

Ray  Bjorklund,  senior  vice 
president  and  chief  knowledge 


officer  at  Federal  Sources  Inc. 
in  McLean,  Va.,  said  any  kind 
of  contract  can  be  abused. 
However,  in  wartime,  it  some¬ 
times  makes  sense  to  interpret 
the  rules  broadly  about  how 
contracts  can  be  used,  he  said. 
“IT  services  can  be  extended 
into  professional  services,  and 
professional  services  can  be 
extended  into  interrogation 
and  intelligence  services,” 
Bjorklund  said. 

Liberal  interpretations  of 
the  scope  of  work  under  a 
contract  may  also  stem  from 


the  fact  that  as  companies 
such  as  CACI  grow,  the  types 
of  services  they’re  able  to  pro¬ 
vide  become  more  diverse, 
Nichols  said.  A  string  of  re¬ 
cent  acquisitions  has  blurred 
CACI’s  role  as  purely  an  IT 
company,  he  said. 

For  example,  in  addition 
to  its  acquisition  of  Premier 
Technology  Group,  CACI  ac¬ 
quired  the  defense  and  intelli¬ 
gence  unit  of  Fairfax,  Va.- 
based  American  Management 
Systems  Inc.  in  May  as  part  of 
a  broader  corporate  push  into 
the  defense  and  intelligence 
market  for  IT  services. 

“The  downside  is  that  when 
many  federal  IT  contracts 
were  originally  awarded,  they 
were  awarded  for  IT-specific 
reasons,”  said  Nichols. 

Phil  Kiviat,  a  partner  at 
Guerra,  Kiviat,  Flyzik  and  As¬ 
sociates  Inc.,  an  Oak  Hill,  Va.- 
based  federal  contract  con¬ 
sulting  firm,  said  it  would  be 
unfair  to  use  this  incident  to 
judge  the  entire  federal  pro¬ 
curement  system. 

“More  management  review 
and  discipline  would  keep 
abuses  from  happening,”  he 
said,  “but  [that  requires]  time 
and  money,  neither  of  which 
are  in  long  supply.”  ©  47209 
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Grid 


using  grid  technology  to  man¬ 
age  resources  across  4,000 
mostly  commodity-based 
servers  and  to  gain  processing 
speed.  Acxiom  processes  about 
45  billion  records  each  month. 

“Can  we  get  out  from,  under 
software  vendors’  powers?” 
Bennett  asked.  “Can  we  make 
a  truly  scalable  infrastructure 
where  we  are  not  at  the  whim 
of  a  software  vendor?” 

Bennett  said  that  most  of 
the  software  on  Acxiom’s  grid 
is  either  applications  built  in- 
house  or  open-source  soft¬ 
ware.  The  company  has  about 
300  developers. 

While  grid  computing  is 


gradually  expanding  into  the 
mainstream  enterprise,  it’s  still 
mostly  used  for  technical,  com¬ 
pute-intensive  applications, 
conference  attendees  said.  And 
since  smaller  niche  vendors  of¬ 
ten  write  applications  for  these 
systems,  it’s  not  unusual  for  li¬ 
censing  issues  to  arise. 

“Because  the  vendors  that 
we  work  with  are  small,  it’s 
very  difficult  to  convince  them 
that  they  should  change  their 
licensing  practices,”  said  Jef¬ 
frey  Mathers,  director  of  the 
research  and  innovation  group 
at  Johnson  &  Johnson  Pharma¬ 
ceutical  Research  &  Develop¬ 
ment  LLC  in  Raritan,  N.J. 

Large  vendors  such  as  IBM 
and  Sun  Microsystems  Inc.  are 
developing  licensing  models 
that  can  be  adapted  to  the  grid 


environment.  But  many  ven¬ 
dors  are  only  beginning  to 
come  to  terms  with  grid  li¬ 
censing. 

Albert  Bunshaft, 
vice  president  of 
grid  computing  sales 
and  business  devel¬ 
opment  at  IBM,  said 
grid  licensing  is  an 
“unresolved  prob¬ 
lem.”  But  he  said  he’s 
seeing  a  lot  of  inter¬ 
est  among  applica¬ 
tions  vendors  to 
work  with  IBM  and 
users  to  adopt  flexible  terms. 

Shahin  Khan,  vice  president 
of  Sun’s  high-performance 
technical  computing  business 
unit,  said  grid  software  licens¬ 
ing  is  “all  over  the  map.”  But 
Sun’s  per-employee  licensing 


adapts  well  to  a  grid  environ¬ 
ment,  Kahn  said. 

Dan  Kusnetzky,  an  analyst 
at  research  firm 
IDC,  said  software 
vendors  will  have 
to  adapt  to  the  grid 
environment  or 
risk  losing  users  to 
open-source.  “It’s 
clear  that  licensing 
and  business  rules 
are  going  to  have  to 
be  much  more  flexi¬ 
ble”  to  deal  with 
dynamic  environ¬ 
ments,  he  said. 

Some  users  say  grid  com¬ 
puting  is  worth  whatever  li¬ 
censing  problems  companies 
may  face.  Mathers  noted  that 
when  Johnson  &  Johnson  was 
studying  molecules  used  in 


drug  development  using  com¬ 
puter  simulations  on  a  32 -way 
server,  the  processing  time 
took  about  three  months.  Af¬ 
ter  moving  those  simulations 
to  a  grid,  processing  time  was 
cut  to  about  two  weeks. 

Dan  Kaberon,  director  of 
computer  resource  manage¬ 
ment  at  benefits  outsourcer 
Hewitt  Associates  LLC  in  Lin¬ 
colnshire,  Ill.,  said  he’s  able  to 
use  IBM’s  Smalltalk  object- 
oriented  programming  lan¬ 
guage  on  a  grid  without  a  per- 
node  charge,  unlike  with  some 
other  options  he  looked  at. 

Hewitt  moved  its  pension 
calculations  off  an  IBM  main¬ 
frame  to  a  grid,  making  the 
grid,  in  effect,  a  “co-processor” 
to  the  mainframe,  Kaberon 
said.  ©  47211 
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Not  Just  Semantics 

HOW  SOON  WILL  WE  START  seeing  pilot  projects  im¬ 
plementing  Data  Center  Markup  Language,  the  pro¬ 
posed  standard  for  automating  data  center  manage¬ 
ment?  This  year,  that’s  how  soon.  Last  week,  the  first 
draft  of  DCML  specs  were  unveiled.  And  now  Elec¬ 
tronic  Data  Systems,  one  of  DCML’s  biggest  backers,  says  it  will  be 
doing  real  pilots  with  end  users  within  months. 

That’s  good  news  for  two  reasons.  First,  with  EDS  racing  to  get 
DCML  working  for  data  center  management,  we  won’t  have  to  wait 


around  for  years  until  vendors  someday  sign 
up.  DCML  is  being  driven  by  people  who  actu¬ 
ally  run  data  centers.  It’ll  be  pragmatic,  IT-shop- 
focused  —  and  real  sooner  instead  of  later. 

And  second,  a  fast-tracked  DCML  will  give 
IT  shops  a  taste  of  the  Semantic  Web  inside  our 
own  glass  walls  before  we  have  to  deal  with  it 
in  the  outside  world. 

Remember  what  DCML  will  do.  Right  now,  if 
you  want  to  bring  a  new  server  online,  you  have 
to  make  configuration  changes,  set  up  monitor¬ 
ing  and  do  lots  of  other  adjusting.  Your  proce¬ 
dures  for  doing  those  things  may  be  well  de¬ 
fined  or  ad  hoc,  but  they’re  almost  always  per¬ 
formed  manually.  That  makes  mistakes  easier. 

DCML  promises  to  turn  those  procedures 
into  sets  of  XML-encoded  documents  that  pass 
the  necessary  information  around  your  data 
center  —  information  about  your  procedures, 
the  new  equipment  and  your  existing  data  cen¬ 
ter  environment.  DCML  will  automate  data 
center  processes  and  —  if  it  works  —  make 
them  faster  and  more  reliable. 

The  hard  part  is  getting  it  working  —  and 
it’s  nice  to  have  EDS  to  do  a  lot  of  the  proof- 
of-concept  heavy  lifting. 

Besides  DCML  making  data  cen¬ 
ter  management  more  efficient,  IT 
shops  will  get  an  extra  benefit. 

DCML  uses  some  of  the  same  con¬ 
cepts  and  technologies  as  the  Se¬ 
mantic  Web.  That’s  World  Wide 
Web  inventor  Tim  Berners-Lee’s 
vision  of  the  next  generation  of  the 
Web.  And  IT  shops  really  need  to 
understand  the  Semantic  Web  soon 
—  before  it  breaks  big  into  the 
mainstream. 

What  is  the  Semantic  Web?  In 
simple  terms,  the  Semantic  Web 
makes  it  much  easier  for  machines 


to  harvest  the  information  that’s  currently  em¬ 
bedded  in  the  text  of  Web  pages. 

For  example,  today  it  takes  either  a  human 
brain  or  complex  machine  intelligence  to  figure 
out  from  a  toy  store’s  Web  site  that  a  Happy 
Birthday  Barbie  doll  costs  $16.99,  while  a  Swan 
Lake  Barbie  costs  $19.99  and  the  Swan  Lake  Bar¬ 
bie  Gift  Set  costs  $44.99.  The  data’s  all  there, 
but  it’s  set  up  for  people  to  read,  not  search  en¬ 
gines  or  other  applications. 

But  tagging  the  data  with  Semantic  Web  tech¬ 
nologies  will  make  it  easy  for  a  search  program 
to  make  sense  of  the  information.  Semantic 
Web  boosters  say  users  will  eventually  be  able 
to  compare  and  buy  products,  coordinate 
schedules,  juggle  travel  plans,  collect  informa¬ 
tion  and  do  lots  of  other  data-intensive  tasks  — 
all  automatically. 

See  why  you  need  to  understand  it?  The  Se¬ 
mantic  Web  could  have  a  huge  impact  on  how 
your  company  does  business,  but  it’s  an  order 
of  magnitude  more  complex  than  the  original 
Web.  So  if  DCML  can  serve  as  a  dry  run  for  the 
Semantic  Web  and  improve  your  data  center 
operations  at  the  same  time,  it’s  easy  to  see  why 
we  want  DCML  to  go  live  as  soon  as  possible. 

And  definitely  before  your  CEO 
reads  about  the  Semantic  Web  and 
wants  to  know  your  IT  shop’s  plan 
for  implementing  it. 

So  cheer  on  EDS  in  its  sprint  to 
make  DCML  a  working  reality.  And 
cross  your  fingers  and  hope  the  Se¬ 
mantic  Web  doesn’t  pick  up  mo¬ 
mentum  anytime  soon. 

No,  DCML  and  the  Semantic 
Web  aren’t  competing  with  each 
other.  But  they’re  still  in  a  race. 

And  we’ll  all  be  more  likely  to  win 
if  DCML  crosses  the  finish  line 
first.  ©  47166 


frank  hayes.  Computer- 
world' $  senior  news  colum¬ 
nist,  has  covered  IT  for  more 
than  20  years.  Contact  him  at 

frank.hayes@computerworld.com. 


Unclear  on  the  Concept 

Hundreds  of  PCs  on  this  large  factory  floor  run  the 
same  graphical  application  day  after  day,  and  the 
monitors  are  showing  signs  of  bum-in  from  continu¬ 
ously  displaying  the  same  image.  Tech-support  pilot 
fish  pip  one  of  the  monitors  to  show  to  manager  as 
an  example.  “That  looks  pretty  bad,”  manager  says. 
"Can  you  make  a  screen  capture  of  that  so  I  can  send 
it  to  the  other  managers?” 

Pragmatist  a  m  ■  ni#  Shouldn’t  have 

User  gets  an  ullAKilt  access  to  the 

error  message  T  A II  If  room  at  any 

on  a  report  and  I  All  KW  other  time.” 


calls  IT  pilot  fish 
for  help.  But  fish  can’t 
get  access  to  the  file  - 
he's  not  authorized  to 
view  the  report  because 
it  contains  confidential 
data.  Still,  he  cm  easily 
reproduce  the  report  and 
the  error  -  and  he  does. 
“It’s  because  I  still  have 
full  access  to  all  the  files 
used  to  create  the  re¬ 
port,”  he  sighs.  “Now 
when  I  get  a  call,  f  just 
know  it  will  take  me  a 
little  longer  to  actually 
see  what  the  user  is 
talking  about.” 

Theorist 

Only  six  keycards  open 
this  server  room  door, 
but  there’s  also  a  keypad 
for  emergencies  -  and 
since  the  keypad  code 
hasn’t  been  changed  in 
years,  the  entire  engi¬ 
neering  staff  knows  it. 
When  things  start  to  go 
missing  from  the  server 
room,  pilot  fish  suggests 
giving  everyone  key- 
cards,  so  at  least  their 
entry  will  be  logged. 
“No,”  says  the  chief  en¬ 
gineer,  “they  shouldn’t 
have  access  to  that 
room.”  But  they  know 
the  keypad  code  -  they 
have  access  right  now, 
fish  says.  “They  have  the 
code  for  emergencies,” 
says  the  chief.  “They 


;  Optimist 

I  “You  locked  me  out  of 
j  my  account,”  irritated 
j  user  complains  to  help 
i  desk  pilot  fish.  “Why  did 
j  you  lock  me  out?  What 
j  did  I  do?”  Your  account 
j  is  automatically  locked 
•;  out  after  the  third  unsuc- 
j  cessful  attempt  to  log  in, 
i  fish  says  while  resetting 
j  the  account.  You  do 
j  know  that,  right?  Si- 
!  lence.  User  “It  works 
!  now.  Will  I  have  this 
I  problem  tomorrow?” 

!  Fish:  “I  hope  not.” 

! 

{ Realist 

j  Pilot  fish  is  taking  a  net- 
!  working  course  at  a  local 
j  college,  and  because  a 
i  new  classroom  needs  to 
j  be  wired  for  a  network, 
i  he  and  a  fellow  student 
j  get  the  assignment  of 
I  plugging  cable  into  the 
j  patch  panel.  “We’re  ter- 
I  minating  the  wires  for 
j  about  an  hour,”  says 
j  fish,  “and  the  other  guy 
j  says,  ‘Hmm,  I  hope  this 
|  is  all  done  right.’ I  ask 
|  him  why  and  he  tells  me, 
j  ‘I’m  colorblind:  I  can’t 
;  tell  the  difference  be- 
i  tween  some  of  these 
j  colors.*  So  I  spend  the 
i  next  hour  checking  all 
j  the  wires  and  retermi- 
i  nating  them  into  the 
!  patch  panel.” 
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